Generate a password
worth trusting.
No storage, no tracking — everything happens in your browser. Adjust the settings and generate as many as you need.
About this tool
A weak or reused password is still one of the most common ways accounts get compromised. This generator creates long, unpredictable passwords using your browser's built-in cryptographic random number generator — the same class of randomness used in security-sensitive software, not a simple pseudo-random guess.
Because everything runs locally, the password never travels over the network before you use it. There's no server round-trip, no logging, and no way for anyone but you to see what was generated.
How to use it
- Set your preferred length using the slider (12–16 characters is a good baseline for most accounts).
- Choose which character sets to include — uppercase, lowercase, numbers, and symbols.
- Click "Generate new password", or use "Generate Bulletproof Password" for a 32-character, all-character-set password.
- Click the password field to copy it, then paste it directly into your account or password manager.
Why use this one
Uses the Web Crypto API instead of Math.random(), which is not safe for security purposes.
Toggle uppercase, lowercase, numbers, and symbols independently to match any site's password rules.
One click generates a 32-character password using every character set, for accounts that need maximum protection.
No accounts, no history, no server logging — the password exists only in your browser tab.
Frequently asked questions
Is this password generator safe to use?
Yes. Every password is generated locally in your browser using the Web Crypto API (crypto.getRandomValues), which is cryptographically secure. Nothing is sent to a server, logged, or stored anywhere.
How long should a strong password be?
Most security guidelines recommend at least 12–16 characters with a mix of uppercase, lowercase, numbers, and symbols. For anything sensitive — email, banking, password managers — use the Bulletproof option above for a 32-character password.
Does this tool store or remember my generated passwords?
No. Passwords are generated on the fly and only exist in your browser tab. Refreshing the page or closing the tab clears them completely.
What makes a password weak?
Short length, dictionary words, predictable patterns (like "123" or a birth year), and reuse across multiple sites are the most common weaknesses. Length matters more than complexity — a random 16-character password is far stronger than an 8-character one with symbols.
Should I reuse a strong password across sites?
No. If one site suffers a data breach, a reused password puts every other account using it at risk. Generate a unique password per site and store them in a password manager rather than memorizing them.