Security · No. 16
Password Generator
This tool builds strong, unpredictable passwords using your browser cryptographic randomness. Set the length, choose which character types to include, or switch to a memorable passphrase, and copy the result with one click. Every password is generated on your device and never leaves your browser.
Why random passwords beat memorable ones
A password you invent tends to follow patterns an attacker already expects, such as a name, a date, a keyboard run, or a word with a number tacked on the end. Cracking software tries dictionaries, common substitutions, and leaked password lists first, so anything human friendly falls quickly. A password drawn at random has no pattern to guess, which is why it holds up far better.
This generator uses the browser cryptographic random source, which is designed to be unpredictable, rather than a simple random function. The strength meter reports entropy in bits, a measure of how many possibilities an attacker would have to work through. More length and a wider mix of character types both raise that number, and every extra bit roughly doubles the effort needed to break the password.
How long and how unique a password should be
Length is the single biggest factor in password strength, so aim for at least 16 characters for important accounts and go longer where a site allows it. A long mix of uppercase, lowercase, digits, and symbols gives you high entropy in a compact string. If a password will be typed by hand often, the passphrase mode produces several random words that are simpler to enter while staying hard to guess.
Just as important, use a different password for every account. When one service is breached, attackers replay the leaked email and password pair against other sites in an attack called credential stuffing, so a reused password turns a single breach into many. A unique password per account contains the damage to the one service that was exposed.
The exclude ambiguous option removes look alike characters such as the letter O and the number 0, or a lowercase l and the number 1. That makes a password easier to read and retype from a screen without weakening it much, which is handy for passwords you enter on a game console or smart TV.
Store passwords in a manager and keep them private
Strong, unique passwords are only practical if you do not have to remember them, and that is what a password manager is for. A manager generates, stores, and fills long random passwords across your devices, so you only memorize one strong master password. Most modern browsers and phones include a built in manager, and dedicated apps add features like breach alerts and secure sharing.
Pair your passwords with two factor authentication wherever it is offered, since a second factor stops an attacker who has your password alone. This tool never transmits or saves what it creates. Generation happens entirely in your browser, nothing is sent over the network, and the passwords disappear as soon as you close or refresh the page, so copy anything you want to keep straight into your manager.
Frequently Asked Questions
- Is this password generator safe to use?
- Yes. Every password is created locally in your browser using its cryptographic random source, and nothing is sent over the network or saved. The passwords exist only on your screen until you copy them, and they clear when you refresh or close the page. For safety, paste new passwords straight into a password manager.
- How long should my password be?
- Aim for at least 16 characters on important accounts, and longer wherever the site allows it. Length adds more strength than any single character trick, because each extra character sharply increases the number of possibilities. If you will type the password often, the passphrase mode gives you length in a form that is easier to enter.
- Are random passwords really stronger than ones I can remember?
- Yes. Passwords people invent follow predictable patterns that cracking tools try first, such as names, dates, and common word and number combinations. A random password has no pattern to exploit, so it resists guessing and dictionary attacks far better. The strength meter shows the entropy so you can compare options.
- What is a passphrase and when should I use one?
- A passphrase is a password made of several random words strung together, which is easier to read and type than a jumble of symbols. It can reach strong entropy through length alone when the words are chosen randomly. Passphrases are a good fit for passwords you enter by hand often, such as a device login or a console account.
- Should I use a different password for every account?
- Yes, always. If you reuse a password and one site is breached, attackers replay that leaked email and password pair against your other accounts. A unique password for each account keeps a single breach from spreading. A password manager makes this practical by storing all of them for you.
- Do I need a password manager?
- A password manager is the easiest way to use long, unique passwords everywhere, because it generates, stores, and fills them so you only remember one master password. Browsers and phones include a built in option, and dedicated apps add breach alerts and secure sharing. Turn on two factor authentication as well for an extra layer of protection.