Password Generator
A Password Generator creates high-entropy random strings using a Cryptographically Secure Pseudo-Random Number Generator (CSPRNG). It combines character sets—uppercase, lowercase, digits, symbols—to produce passwords that resist brute-force and dictionary attacks.
What is Password Generator?
Unlike simple Math.random(), this generator uses window.crypto.getRandomValues()—the Web Cryptography API standard—which produces unpredictable, non-repeating sequences suitable for security-sensitive credentials. You control length (8–128 characters) and character sets. Because generation runs entirely in-browser, no password ever touches a server, making it safe for generating root passwords, API keys, database credentials, and encryption passphrases.
Use Cases
- Creating unique logins for every online account.
- Generating API keys, database passwords, and server SSH passphrases.
- Producing random secret keys for encryption and HMAC signing.
How to Use It
Set the desired password length using the slider (we recommend 16+ characters).
Toggle on/off: Uppercase A-Z, Lowercase a-z, Numbers 0-9, Symbols !@#$...
Click Generate to create a new random password.
Click Copy to transfer it securely to your clipboard.
Store it immediately in a password manager—never in plain text.
Pros
- Uses CSPRNG (Web Crypto API) for true unpredictability.
- Never transmitted anywhere—stays 100% local.
- Highly customisable character sets and length.
Limitations
- Generates memorable-ness is low; requires a password manager.
- No auto-sync or cloud backup (privacy by design).
Best Practices
- Use a minimum of 16 characters for any account.
- Enable all character sets (symbols, numbers, both cases) for maximum entropy.
- Use a different password for every service—use a password manager to store them.
- Never share or transmit passwords via unencrypted email or chat.
Common Mistakes to Avoid
- Using short passwords (< 12 chars) that are vulnerable to modern GPU cracking.
- Reusing the same password across multiple services.
- Storing passwords in unencrypted files or browser autofill without a master password.
FAQs
Are generated passwords stored on your servers?
No. Passwords are generated entirely inside your browser and are never transmitted to any server.
How long should my password be?
Security experts recommend at least 16 characters for sensitive accounts and 12 characters as an absolute minimum. Longer is always better.
What makes crypto.getRandomValues() secure?
It uses the operating system's entropy sources (hardware noise, timing jitter) which are cryptographically unpredictable, unlike Math.random() which is a deterministic sequence.