Password Generator
Generate a strong random password or a memorable word-based passphrase, with a strength estimate for each. Nothing generated here is ever saved or sent anywhere.
Copied to clipboard.
About this password generator
This tool generates two very different kinds of secrets, and each is a genuinely reasonable choice depending on the situation. Random-character passwords pack the most entropy into the fewest characters and are the right pick for anything stored in a password manager, since you'll never need to type or remember it yourself. Passphrases — several unrelated common words strung together — are the better pick for anything you actually have to type or memorize, such as a device unlock code or a password manager's own master password, because a human brain remembers "seven distinct words" far more easily than "a random jumble of characters," even when the passphrase carries comparable or greater entropy.
All randomness in both modes comes from your browser's cryptographically secure random number generator (the same source used for cryptographic keys), not the plain Math.random() function that many simpler generators rely on, which is not designed to resist prediction. Random passwords are also guaranteed to include at least one character from every category you select — so if you ask for uppercase, numbers, and symbols, all three are guaranteed to appear, not left to chance, which matters when a site's password rules require a mix.
The strength meter estimates entropy in bits: for random passwords, that's the length multiplied by the size of your selected character pool; for passphrases, it's the word count multiplied by the size of the word list (582 words, about 9.18 bits of entropy each). This is a mathematical estimate of how many guesses a brute-force attack would need on average, not a guarantee against every possible attack — a leaked password database or a weak website login system can undermine any password regardless of its entropy.
Nothing generated here is ever saved. Your preferences (length, which character types, word count) are remembered in your browser for convenience, but the password or passphrase itself is never written to storage or sent anywhere — it exists only on your screen until you close or refresh the page.
Frequently asked questions
Is this password generator actually secure?
Yes. It uses your browser's cryptographically secure random number generator (crypto.getRandomValues), the same class of randomness used for encryption keys, rather than the ordinary Math.random() function, which is predictable and unsuitable for generating secrets.
Should I use a random password or a passphrase?
Use a random password for anything saved in a password manager, since length and character variety matter more than memorability there. Use a passphrase for anything you need to type or remember yourself, like a device passcode or your password manager's master password.
What does the strength meter actually measure?
It estimates entropy in bits — roughly, how many attempts a brute-force guessing attack would need on average. It's a useful comparison between options, but it can't account for how a specific website stores or protects your password after you create it.
Is the generated password stored anywhere?
No. It's never written to your browser's storage or sent over the network. Only your preferences (length, character types, word count) are saved locally so the tool remembers your settings next time.
Where does the passphrase word list come from?
It's a list of 582 common, unambiguous English words compiled specifically for this tool — not the EFF Diceware list or any other third-party wordlist. Each word contributes about 9.18 bits of entropy.