Loading the interactive tool… It runs in your browser — if it doesn't appear, enable JavaScript.
Generate passwords using your browser's cryptographically secure random number generator — the same primitive used for encryption keys — with unbiased sampling (no modulo bias). Set the length, toggle character sets, optionally exclude look-alike characters (Il1O0), and watch the entropy estimate: 70+ bits is strong for most accounts, 100+ for anything critical.
Generation is local by construction. Nothing is transmitted, logged or stored — disconnect from the internet and it still works.
Frequently asked questions
How long should a password be in 2026?
16+ characters with mixed character sets (≈100 bits of entropy) is beyond realistic brute-force for the foreseeable future. Length beats cleverness: a 20-character random password outclasses any human-invented pattern.
Is it safe to generate passwords on a website?
It depends entirely on whether generation happens locally. Here it does — crypto.getRandomValues() runs in your browser and no network request carries the result. Verify any generator you use makes the same claim, or use it offline.
What does the entropy number mean?
Bits of entropy measure how many guesses an attacker needs: each added bit doubles the search space. It's computed as length × log₂(pool size), where the pool is however many distinct characters your settings allow.