Back to Tools

Password Generator

Generate secure random passwords instantly

100% FreeRuns in your browserNo sign-up

About this tool

Create cryptographically secure passwords with full control over length, character sets, and quantity. Toggle uppercase, lowercase, numbers, and symbols, exclude ambiguous characters, and check password strength with an entropy-based meter. Generate up to 20 passwords at once and copy them individually or in bulk.

Features

  • Adjustable length from 8 to 128 characters
  • Toggle uppercase, lowercase, numbers, symbols
  • Exclude ambiguous characters (0, O, I, l, 1)
  • Entropy-based strength meter
  • Bulk generation up to 20 passwords

Use cases

Creating secure account passwordsGenerating API keys and tokensSetting up database credentials

Share this tool

Help others discover it

HN

Create a free account to remove watermarks

Save your work, access the full creative suite, and export without watermarks.

Create Free Account

How to generate a strong password

Produce a cryptographically secure password, passphrase, or pronounceable string with visible entropy feedback.

  1. 1

    Pick a mode

    Random for password managers, Passphrase for memorable but strong, Pronounceable for verbal sharing.

  2. 2

    Adjust length / word count / syllable count

    Watch the entropy meter — aim for green (80+ bits).

  3. 3

    Toggle character sets

    Uppercase, lowercase, numbers, symbols. Optionally exclude ambiguous characters (0, O, l, 1, |, `).

  4. 4

    Click Generate

    Generates the requested quantity (1–20 at a time). Each run draws fresh bytes from crypto.getRandomValues.

  5. 5

    Copy or reveal

    Click the eye to reveal, the copy icon to send to clipboard. Use Copy All for bulk provisioning.

Frequently Asked Questions

Why three different modes — Random, Passphrase, and Pronounceable?

Random maximizes entropy (best for password managers). Passphrase stays strong (~60 bits for 6 words) while being memorable. Pronounceable trades some entropy for easy verbal sharing — useful for kiosks or one-time codes read over the phone.

How is randomness guaranteed?

We use `crypto.getRandomValues`, the browser's cryptographically secure random source — same primitive OS-level CSPRNGs use. On top of that we apply rejection sampling to eliminate modulo bias, so even characters at the end of small-modulus pools appear uniformly.

What entropy level is considered safe?

60 bits resists offline cracking by a serious attacker for years. 80 bits is resistant to any current adversary. 100+ bits is overkill but costs nothing extra to produce. The meter shows this at a glance — stay in green/primary for anything sensitive.

What exactly is a passphrase, and why is it often safer?

A passphrase combines multiple common words separated by a character, e.g. "garden-river-pencil-strong-sunset". Six random words from a 512-word list yield ~54 bits of entropy while being trivially memorable — most users cannot remember a 20-char random password, so they pick weak ones.

Does the tool send my passwords anywhere?

No. Generation is 100% client-side — nothing is transmitted to our servers, nothing is logged. You can verify by opening your browser devtools network tab while generating. Closing the tab clears every generated value.

What does "exclude ambiguous characters" do?

Removes characters that look alike at small font sizes: `0 O I l 1 | ` (backtick). Useful when a password has to be read from a screen or transcribed by hand. Slightly reduces entropy (pool shrinks by ~5 characters).