This free online password generator creates strong, random passwords with full control over length, character sets, and complexity requirements. The built-in strength meter displays entropy bits and estimated crack time, helping you understand exactly how secure each generated password is — all processing happens in your browser with no server involvement.
Step-by-Step
Set the password length — Use the slider to choose between 4 and 128 characters. Longer passwords are exponentially harder to crack.
Select character sets — Toggle uppercase letters, lowercase letters, numbers, and special symbols on or off.
Generate — Click Generate to create a random password. The strength meter updates instantly.
Copy to clipboard — One-click copy to paste into your password manager, signup form, or configuration file.
Batch generate — Need multiple passwords? Generate a batch of unique passwords at once.
Features
Adjustable length — Slider from 4 to 128 characters with precise control.
Four character sets — Uppercase (A–Z), lowercase (a–z), numbers (0–9), and symbols (!@#$%^&*).
Strength meter — Visual indicator from Weak to Fort Knox based on entropy calculation.
Entropy display — Shows the exact number of entropy bits for the generated password.
Crack time estimate — Estimated time to brute-force the password assuming bcrypt hashing at 10,000 attempts per second.
Cryptographically secure — Uses crypto.getRandomValues() for true randomness.
Common Use Cases
Account Registration — Generate a strong, unique password for every new account and store it in your password manager (1Password, Bitwarden, LastPass).
Database Credentials — Create high-entropy passwords for PostgreSQL, MySQL, MongoDB, and Redis instances where security is critical.
API Keys and Secrets — Generate random strings for API keys, webhook secrets, encryption keys, and JWT signing secrets.
Wi-Fi and Device Passwords — Create memorable yet strong passwords for home routers, IoT devices, and shared access points.
Development and Testing — Generate bulk passwords for seeding test databases, load testing authentication systems, or populating demo environments.
Tips for Power Users
- For maximum security, use at least 16 characters with all four character sets enabled. This gives you 90+ bits of entropy.
- A 20-character password with mixed characters would take billions of years to brute-force even with modern hardware.
- If a site doesn't allow symbols, disable the symbols toggle and compensate by increasing length to 20+ characters.
- The strength meter uses bcrypt assumptions (10,000 hashes/second) which is realistic for well-protected password databases.
- For passphrases (easier to remember), generate a long password and use the first letter of each word as a mnemonic.
Why Use This Tool?
This password generator uses the browser's built-in crypto.getRandomValues() API — the same cryptographically secure random number generator used by major password managers. Your generated passwords are never transmitted to any server, never logged, and never stored. It's the safest way to create strong passwords because the passwords exist only in your browser until you copy them.