Strong Password Generator

A free password generator that runs entirely in your browser using the Web Crypto API for unbiased, cryptographically secure randomness. Choose between random, pronounceable, PIN, and pattern modes, fine-tune the character classes, and see entropy and time-to-crack updated as you tweak the options.

How to use

1
Pick a mode

Random is the strongest by entropy. Pronounceable is easier to dictate over the phone. PIN is for numeric-only locks. Pattern when a system demands a specific shape.

2
Set length and character classes

Slide the length to 12+ for personal accounts and 20+ for master / admin passwords. Toggle lowercase, uppercase, digits, symbols.

3
Read the strength meter

Aim for 80+ bits of entropy — anything below 60 bits is considered breakable by an offline attacker with modern hardware.

4
Copy or bulk export

Single password — click Copy. Need many — set the count, click Generate, then Copy all or Download .txt.

🔥 Trending right now
🗣️ Text to Speech Video Enhancer ✂️ Trim Audio Audio Enhancer

Create cryptographically secure passwords with four modes and a real-time strength meter

·
Entropy: bits Time to crack (offline GPU):
c = lowercase · C = uppercase · d = digit · s = symbol · x = alphanumeric · * = any · \X = literal X
Example: Cccdds → Foo42!
Copied
Don't know what to try?
380 free tools — open a surprise
🎲 Surprise me

Features

Crypto-secure randomness Four generation modes Live entropy & crack-time Bulk generation Exclude look-alikes Pattern-driven generation

FAQ

Is the randomness really cryptographically secure?

Yes. The generator uses window.crypto.getRandomValues with rejection sampling — the same source TLS uses for session keys. Math.random is never called.

How long should my password be?

12 characters with mixed classes is the modern minimum for personal accounts. 20+ characters for password-manager master keys, server roots, and recovery codes. Length adds more entropy than character class diversity.

What is entropy and why does it matter?

Entropy measures the number of equally-likely guesses an attacker must try on average. 80 bits ≈ 10²⁴ guesses — out of reach for any current adversary. 40 bits falls in under a minute.

Is pronounceable mode less secure?

It has lower entropy per character (~3.4 bits vs ~6.6 for full random), so add 4–6 characters of length to compensate. A 16-character pronounceable password is roughly as strong as a 12-character random one.

What is the pattern syntax?

A template where each character is a placeholder: c (lowercase), C (uppercase), d (digit), s (symbol), x (alphanumeric), * (any). Prefix with backslash to insert a literal character. Example: Cccdds matches like "Foo42!".

Can I trust a browser-based generator?

The code runs locally in your browser — you can inspect it via View Source. No password is sent over the network. For maximum trust, generate offline with the page already loaded.

💡 Want us to improve this tool just for you?

We can — and it's free! Just send us a quick message with your idea. If you'd like to discuss it in detail, leave your email and we'll get back to you. You can stay anonymous.

You May Also Like

🔄 Bitwarden Converter 🗃️ KeePass Viewer 🔍 OTP Auth QR Decoder 🔗 One-Time Secret Share 🔐 PGP Key Generator 🎲 Passphrase Generator 📊 Password Audit 🚨 Password Breach Checker

How do you rate this tool?

Thank you for your rating!
Want to share more? Leave a comment!
Thank you! Your comment will appear after moderation.
Who is this tool for?
💻 Developers & IT Pros 🔒 Security & Privacy
Published Updated