Generate cryptographically secure passwords and memorable passphrases. Fully customizable, bulk generation, and 100% private—nothing ever transmitted.
Use the Password tab to create random character-based passwords. Adjust length and choose which character types to include (uppercase, lowercase, numbers, symbols).
Switch to the Passphrase tab for memorable word-based passwords like "correct-horse-battery-staple". Choose word count, separator, and optional extras.
Need multiple passwords? Use the Bulk Generate tab to create up to 50 passwords at once. Download them as a text or CSV file.
Click Copy to copy any password to your clipboard. Use the eye icon to show/hide the password text.
Security Note: All passwords are generated using cryptographic randomness (Web Crypto API). Nothing is ever transmitted or stored.
Uses crypto.getRandomValues() for true randomness, not predictable Math.random().
Generate word-based passwords that are easy to remember but hard to crack.
Control length, character types, separators, and more to meet any password policy.
Create multiple passwords at once and export them as .txt or .csv files.
Generate passwords locally on your device with zero uploads.
All features free forever. No accounts, no tracking, no limits.
Length matters most. A 16-character password is exponentially harder to crack than an 8-character one, regardless of complexity. Aim for at least 12 characters, ideally 16+.
Use a mix of uppercase, lowercase, numbers, and symbols. Avoid dictionary words, personal info (birthdays, names), and common patterns like "123456" or "password".
Passphrases (like "correct-horse-battery-staple") are easier to remember but offer similar security to complex passwords. They're ideal for master passwords you need to type manually.
A 4-word passphrase from a 2000-word list provides ~44 bits of entropy—equivalent to an 8-character random password. Add more words for even stronger security.
Yes! We use the Web Crypto API (specifically
crypto.getRandomValues()), which provides cryptographically secure
pseudo-random numbers.
This is the same technology used by security-critical applications and is far superior
to
Math.random(), which many other generators use.
Absolutely not. All passwords are generated entirely in your browser using JavaScript. Nothing is transmitted to our servers or any third party. You can verify this by checking your browser's Network tab in Developer Tools—no requests are made when generating passwords.
For most accounts, 12-16 characters with mixed character types is excellent. For high-security accounts (banking, email, password managers), consider 20+ characters or a passphrase with 5+ words. The default of 16 characters is a great balance of security and usability.
A password is a random string of characters (like "X7#kL9$mP2@n"). A passphrase is multiple random words joined together (like "apple-jungle-river-storm"). Passphrases are easier to remember and type, while offering comparable security when enough words are used.
Including symbols increases the character pool, making passwords harder to crack. However, length matters more than complexity. A 20-character password with only lowercase letters is stronger than an 8-character password with all character types. Use symbols if the site requires them, but prioritize length.
Characters like 0 (zero) and O (letter O), or l
(lowercase L)
and 1 (one), look nearly identical in many fonts. If you need to read or
hand-type your
password, excluding these prevents frustrating typos and errors.
Yes. All password generation logic runs locally in your browser, and nothing is uploaded to our servers.
Entropy measures password strength in bits—the higher, the better. Each bit doubles the possible combinations. For example, a password with 40 bits of entropy has 240 (about 1 trillion) possible combinations. We recommend at least 50 bits for normal accounts and 80+ bits for high-security needs.