Developer Tools
Password Generator
Generate strong, cryptographically random passwords. 100% in your browser, never sent to a server.
Strength: Very Weak0 bits · cracked in —
464
Tips for strong passwords
- Length is the most important factor — every extra character roughly doubles strength.
- Use a different password for every account. Use a password manager to remember them.
- Enable 2FA (TOTP via Authy/Google Authenticator) on every account that supports it.
- Never reuse a password between work and personal accounts.
- If a service offers a passkey, use that — it's phishing-resistant by design.
A safer password generator
We use crypto.getRandomValues — the browser's cryptographic random source. No server processing, no logging, no analytics on your generated passwords. Open the dev tools and inspect: nothing leaves your device.
The strength meter estimates guesses-per-second at 1 trillion (a conservative offline GPU attack), so the displayed crack time is realistic for the worst-case attacker. Aim for "Strong" or "Very Strong" on any account that matters.
Frequently Asked Questions
How does the password generator work?▾
We use the browser's Web Crypto API (crypto.getRandomValues) — the same source of randomness used by HTTPS, secure tokens, and password managers. No server, no logging — your passwords never leave your device.
What makes a password strong?▾
Length matters most. Every additional character roughly doubles the time to crack. A 16-character random password is exponentially stronger than a 8-character one. Add character variety (upper, lower, numbers, symbols) for extra entropy.
How long should my password be?▾
For most accounts, 16+ characters with mixed types is excellent. For high-value accounts (banking, primary email, password manager), use 20+. NIST 2024 guidelines recommend at least 15 characters for any account holding sensitive data.
Should I use symbols?▾
Symbols add about 5 bits of entropy per character vs alphanumeric. For most uses they're worth including. Only skip them if a site rejects them (rare these days). The "exclude ambiguous" option keeps passwords typeable while staying strong.
Where should I store generated passwords?▾
Use a password manager — Bitwarden (free, open source), 1Password, or your browser's built-in manager. Never save passwords in plaintext files, sticky notes, or unencrypted notes apps.