Password Generator
Generate strong, cryptographically random passwords in your browser. Customise length, character sets, and quantity. Your passwords never leave this tab.
Password Generator
Runs entirely in your browser — no server calls, no tracking.
Click Generate passwords to begin.
🔒 Your data never leaves this tab. This tool has no backend.
About the Password Generator
This tool generates passwords using crypto.getRandomValues() — the browser's cryptographically secure pseudo-random number generator. It is the same entropy source used by password managers and security tools. The passwords are generated entirely in your browser; they are never transmitted, logged, or stored anywhere.
What makes a password strong?
Password strength is measured in bits of entropy. An 8-character password using all four character sets (95 printable ASCII characters) has log₂(95⁸) ≈ 52 bits of entropy — weak by modern standards. A 20-character password with the same character set has ≈131 bits — extremely strong. Length matters far more than complexity. A 20-character lowercase-only password is significantly stronger than an 8-character mixed-case password.
How to use generated passwords
Use a password manager (Bitwarden, 1Password, KeePass) to store generated passwords — never write them down or reuse them. For service accounts and API keys, prefer passwords of 32+ characters. For user-facing resets, 16–20 characters with all character sets is a good balance between strength and usability in most UI flows.
For systems that reject special characters, uncheck Symbols to generate an alphanumeric-only password. The tool recalculates immediately when you change options, so you can preview the character set before generating.
Frequently asked questions
crypto.getRandomValues() is a CSPRNG — the same underlying entropy source used by TLS key generation and OS-level random number generation. It is safe for generating passwords. The risk is not generation quality but storage: always use a password manager rather than writing generated passwords down.Math.random()) is seeded from a predictable state and produces predictable sequences if the seed is known. A CSPRNG like crypto.getRandomValues() uses hardware entropy sources (CPU timing jitter, OS entropy pools) to produce values that cannot be predicted even with knowledge of previous outputs. Always use CSPRNG for security-sensitive generation.Need secure authentication built for your app?
ruxox builds production-grade auth systems, API security, and access control. Free scoping estimate in 48 hours.