Generate strong random passwords online. Customize length, characters, digits, and special symbols
Generating...
Generation of cryptographically strong passwords.
Uses window.crypto for secure random character generation. All passwords are created locally in the browser and are not sent to a server.
The strength indicator is based on password entropy — the longer the password and the larger the character set, the higher the strength.
Online Password Generator — Strong Passwords and Passphrases
The generator creates cryptographically strong passwords and passphrases using crypto.getRandomValues() — a browser API with true randomness. Shows crack time, entropy, and strength rating.
Cryptographically Strong Generation
Standard Math.random() is predictable and unsuitable for passwords. Our generator uses crypto.getRandomValues() — a CSPRNG that is unpredictable even with knowledge of previous values. The same method used by 1Password, Bitwarden, and LastPass.
Password vs Passphrase
| Parameter | Random password | Passphrase |
|---|---|---|
| Example | xK9#mP2$nQ7! | correct horse battery staple |
| Length | 12–16 characters | 4–6 words (~25 chars) |
| Memorability | Hard | Easy |
| Brute-force resistance | Very high | High |
Entropy and Crack Time
| Length / charset | Entropy | Crack time (10B tries/s) |
|---|---|---|
| 8 chars, lowercase only | 37.6 bits | ~2 seconds |
| 12 chars, letters + digits | 71.5 bits | ~74 years |
| 16 chars, all characters | 105 bits | 1014 years |
| 4 words from 8192 (passphrase) | 51.5 bits | ~1 year |
Security Tips
- Unique password per site — one compromise doesn't expose the rest
- Password manager — Bitwarden, 1Password, KeePass
- Two-factor authentication — even with a weak password, 2FA drastically reduces risk
Frequently Asked Questions
Is it safe to generate passwords online?
Yes. Generation happens in your browser via Web Crypto API. The password is never sent to a server.
What does "exclude similar characters" mean?
Removes visually confusable characters: 0/O, 1/l/I. Useful for passwords typed manually.
How much entropy is enough?
For personal accounts — 60+ bits. For critical systems — 80+ bits.
Check an existing password's strength with the password strength analyzer.
Useful articles
WCAG Color Contrast: Website Accessibility Guide
A complete guide to color contrast: WCAG 2.1 standards, AA and AAA levels, calculation formula, practical examples of good and bad contrast, and how to fix accessibility issues.
CSS Border Radius: Rounding Element Corners
How to use border-radius: syntax, shorthand notation, elliptical corners. Online border-radius generator.