Password Generator

Generate strong, random passwords with custom rules

Settings

Password Length: 16

664

Uppercase letters (A–Z)

Lowercase letters (a–z)

Numbers (0–9)

Symbols (!@#$%^&*)

Generated Password

How to Use

Set the Password Length using the slider (6–64 characters).
Check or uncheck character types: Uppercase, Lowercase, Numbers, Symbols.
Click Generate Password — a cryptographically secure random password appears.
The strength meter rates your password (Weak → Excellent).
Click the copy icon to copy the password. Recent passwords appear in the history below (session only — never stored).

Why Use a Password Generator?

Humans are terrible at creating truly random passwords. We reuse them, use dictionary words, add predictable numbers (like birth years), and use keyboard patterns like "qwerty123". This makes accounts vulnerable to dictionary attacks, credential stuffing, and brute-force attacks.

Password Security Facts

A 6-character lowercase password can be cracked in under 1 second.
A 12-character mixed-case + numbers + symbols password takes centuries with current hardware.
Over 80% of data breaches involve weak or reused passwords (Verizon DBIR).
The most common password in India is still "123456".

Our Generator Uses Cryptographic Randomness

Passwords are generated using crypto.getRandomValues() — the Web Cryptography API built into all modern browsers. This provides true cryptographic randomness, not pseudo-random numbers. The password is generated entirely in your browser — never sent to any server.

Best Practices

Use a password manager (Bitwarden, 1Password, KeePass) to store unique passwords for every site.
Never reuse passwords — if one site is breached, only that account is compromised.
Enable two-factor authentication (2FA) wherever possible as a second layer of protection.
Aim for at least 16 characters for critical accounts (banking, email, social media).

Frequently Asked Questions

Yes — passwords use crypto.getRandomValues(), the Web Cryptography API built into all modern browsers. This is cryptographically secure pseudo-random number generation (CSPRNG), suitable for generating security-critical values.

No — the password is generated entirely in your browser. It is never transmitted to any server. The session history (last 5 passwords) is stored only in browser memory and cleared when you close the tab.

For general accounts: 12 characters minimum. For critical accounts (banking, email, admin panels): 16–20 characters. For encryption keys or master passwords: 20+ characters. Each extra character exponentially increases the time to brute-force.

The symbol set includes: ! @ # $ % ^ & * ( ) - _ = + [ ] { } | ; : , . < > ? — a broad set that is accepted by most websites. A few sites restrict certain symbols; if a generated password fails, simply generate a new one.