17 / password-generator
free online tool
Password Generator
Generate strong, random passwords securely in your browser.
Strength: Strong
how to use
- 01
Choose password length and character types (uppercase, lowercase, digits, symbols).
- 02
Click 'Generate Password'.
- 03
Copy the password with the Copy button.
about
What is this tool?
Password Generator uses the browser's cryptographically secure random number generator (crypto.getRandomValues) to create strong passwords. This means the randomness is suitable for security-sensitive purposes — unlike Math.random(), which is not cryptographically secure.
why use this tool
- -Cryptographically secure random generation — safe for real passwords.
- -No server involved — your passwords are never transmitted.
- -Customise length (8–64) and character sets.
- -Free and instant.
features
- -Cryptographically secure via Web Crypto API.
- -Adjustable length from 8 to 64 characters.
- -Toggle uppercase, lowercase, digits, and symbols.
- -Password strength indicator.
comparison
Password Strength by Length and Complexity
| Length | Character Set | Possible Combinations | Brute-Force Time (est.) |
|---|---|---|---|
| 8 chars | Lowercase only | 208 billion | Seconds (modern GPU) |
| 8 chars | Upper + lower + digits + symbols | 6.7 quadrillion | Hours |
| 16 chars | Upper + lower + digits + symbols | 4.5 × 10³² | Billions of years |
| 20 chars | Upper + lower + digits + symbols | 2.4 × 10⁴⁰ | Effectively infinite |
All processing happens entirely in your browser using JavaScript. No files, text, or data are ever sent to a server. Your data stays on your device.
✦ tip from dragontail
At Dragontail, we follow one rule: every service account gets a 20-character password generated with all character types enabled. The difference between a 12-character and a 20-character password isn't 8 characters — it's about 10²³ times harder to crack. If you're generating a password right now, just go to 20 characters. Your future self will thank you.
faq
Is this generator truly random?
Yes. It uses crypto.getRandomValues, which is cryptographically secure and suitable for generating real passwords.
Is my password sent anywhere?
No. Passwords are generated and displayed entirely in your browser. Nothing is stored or transmitted.
How long should my password be?
At least 16 characters for important accounts. For maximum security, use 20+ characters with all character types enabled.