Password Generator
Generate strong passwords with length, character set, ambiguity, and similar-character controls plus entropy estimates.
Based on a 73-character pool and selected length.
Using generated passwords safely
Generate a unique password for each account and save it in a password manager rather than memorising or reusing it. Longer passwords with mixed character sets raise the search space, and the ambiguity controls make copied passwords easier to read when you must type them.
This tool runs in your browser and does not need an account. After copying a password, paste it directly into the service and clear your clipboard if you are working on a shared device.
About the Password generator
The password generator creates strong random passwords in your browser using the operating system's cryptographic randomness, not a predictable software shuffle. You choose the length and which character types to include, and it produces three candidates at once along with an entropy estimate so you can judge their strength before you pick one.
Use it whenever you need a fresh password for a new account, a rotation, an API key, or a Wi-Fi passphrase, and you want something far harder to guess than anything you would invent by hand. The generator runs entirely client side, so the passwords are produced on your device and never transmitted. Re-roll any candidate you do not like, then copy the one you want.
How to use it
- Set the Length slider anywhere from 8 to 64 characters. Longer is stronger.
- Toggle the character sets you want: uppercase, lowercase, numbers, and symbols.
- Turn on Exclude similar to drop easily confused characters like 1, l, I, 0, and O.
- Turn on Exclude ambiguous to remove brackets and slashes ( { } [ ] ( ) / \ ) that can be awkward in some contexts.
- Read the entropy estimate, re-roll any of the three candidates you want to replace, then click Copy on your chosen password.
Examples
A high-entropy account password
Set length to 20 with all four character sets on and Exclude similar enabled. The pool is large, so the entropy estimate lands above 100 bits and the strength bar fills. You get three candidates, each a mix of cases, digits, and symbols. Copy one, and the badge confirms it is comfortably strong.
A readable code with no look-alikes
You need a password someone will read aloud over the phone. Keep uppercase, lowercase, and numbers on, turn symbols off, and enable both Exclude similar and Exclude ambiguous. The result drops 1, l, I, 0, O, and brackets, so there is no confusion between a one and an L or a zero and an O.
Frequently asked questions
- Are these passwords actually random?
- They use crypto.getRandomValues, the browser's cryptographically secure random source, rather than Math.random. That makes the output suitable for security purposes, with each character drawn uniformly from the pool you configured.
- What does the entropy in bits mean?
- Entropy is the password length multiplied by log2 of the pool size, a measure of how many guesses an attacker would need on average. More character types and greater length both raise it. As a rough guide, aim well above 60 bits, and over 100 bits for important accounts.
- Is the password sent anywhere when generated?
- No. Generation happens entirely in your browser and nothing leaves your device. Copying places the password on your local clipboard. For maximum safety, paste it into a password manager rather than leaving it on the clipboard.
- Which symbols are used?
- The symbol set is ! @ # $ % ^ & * _ - + = ? . , and the colon. Turning on Exclude ambiguous additionally removes bracket and slash characters from the whole pool, which is useful when a system mangles them.
- Why are three passwords shown at once?
- Seeing three options lets you pick one that reads or types well for you without weakening it. Each is generated independently, and Re-roll regenerates just that one candidate so you can keep the others.
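The sketch below is an added example, not the tool's own code. It shows one way to get the uniform draw and the entropy figure described in the answers above. The function names, the plain ASCII letter and digit sets, and the use of rejection sampling to avoid modulo bias are assumptions of this example; the symbol list and the excluded characters are the ones the page names. With all four sets on and Exclude similar enabled, the pool comes to 73 characters, the size quoted at the top of the page.

```javascript
// Added example: pool construction, unbiased sampling, entropy estimate.
// Uses the Web Crypto global; the fallback covers Node builds that lack it.
const rng = globalThis.crypto ||
  (typeof require === 'function' ? require('node:crypto').webcrypto : undefined);

const SETS = {
  upper: 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',   // assumed plain ASCII
  lower: 'abcdefghijklmnopqrstuvwxyz',   // assumed plain ASCII
  digits: '0123456789',
  symbols: '!@#$%^&*_-+=?.,:',           // symbol list given in the FAQ
};
const SIMILAR = '1lI0O';                 // dropped by "Exclude similar"
const AMBIGUOUS = '{}[]()/\\';           // dropped by "Exclude ambiguous"

function buildPool(opts) {
  let pool = '';
  for (const name of Object.keys(SETS)) if (opts[name]) pool += SETS[name];
  const drop = (opts.excludeSimilar ? SIMILAR : '') +
               (opts.excludeAmbiguous ? AMBIGUOUS : '');
  return [...pool].filter((ch) => !drop.includes(ch)).join('');
}

// Rejection sampling: a random byte is used only when it is below the largest
// multiple of pool.length that fits in 256, so `% pool.length` stays uniform.
// A plain `byte % pool.length` would favour the first characters of the pool.
function generate(pool, length) {
  if (pool.length < 2 || pool.length > 256) {
    throw new RangeError('pool size must be between 2 and 256');
  }
  const limit = 256 - (256 % pool.length);
  const out = [];
  const buf = new Uint8Array(64);
  while (out.length < length) {
    rng.getRandomValues(buf);
    for (const b of buf) {
      if (b < limit && out.length < length) out.push(pool[b % pool.length]);
    }
  }
  return out.join('');
}

// Entropy estimate in bits: length * log2(pool size).
function entropyBits(pool, length) {
  return length * Math.log2(pool.length);
}

const pool = buildPool({ upper: true, lower: true, digits: true, symbols: true, excludeSimilar: true });
console.log(pool.length, generate(pool, 20), entropyBits(pool, 20).toFixed(1));
```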
Good to know
Length matters more than exotic symbols. A long password drawn from a smaller set can easily beat a short one stuffed with punctuation, because entropy scales with length. If a site rejects symbols, lengthen the password instead and the strength estimate will reflect the trade-off.
Generating a strong password is only half the job; storing it is the rest. Do not reuse one password across sites, and do not try to memorise long random strings. Keep them in a reputable password manager, which both stores and autofills them, so the only password you ever need to recall is the manager's. The Exclude similar and Exclude ambiguous options exist for the cases where a human has to read or transcribe the password, such as Wi-Fi keys printed on a card; for passwords that live only in a manager, you can leave them off and keep the full character pool.