A secure random password generator that runs entirely in your browser. Set length and character classes (uppercase, lowercase, digits, symbols) and copy a fresh password. The randomness comes from the browser's crypto API, not predictable Math.random.
How to choose a strong password
Length matters more than complexity — a 16-character lowercase password is harder to crack than an 8-character mixed-case one. Use at least 16 characters for important accounts, 20+ for password managers and root/admin accounts. Symbols help against dictionary attacks but not against brute force; the gain comes mostly from doubling the search space.
Storing passwords safely
Do not reuse the same password across sites — a breach on one site leaks everything. Use a password manager (Bitwarden, 1Password, Apple Keychain) and let it generate per-site passwords. Enable two-factor authentication wherever possible; even a leaked password is far less dangerous when it is not the only thing standing between attackers and your account.
FAQ
- Is the password sent to a server?
- No. Generation happens in your browser using window.crypto.getRandomValues. Nothing is transmitted.
- Are emoji-style symbols safe to include?
- Most sites strip non-ASCII characters from passwords. Stick to standard ASCII punctuation symbols for compatibility.
