✦ Generate a strong passwordStep 1 of 2
Stays on this device. Cryptographic-grade randomness from
crypto.getRandomValues() — same source the Web Crypto API uses for keys. The page never sees or stores generated passwords; copy each one straight to your password manager.Very strong
~125 bits of entropyOverkill for almost anything outside crypto keys.Length20
About password length. For online accounts in 2026: 16 characters minimum for anything that holds money or identity (banks, primary email, password manager). 12-14 minimum for everything else, but only if random — if you're typing it from memory, length matters less than whether it's in a known breach corpus. The biggest single security upgrade most people can make isn't a longer password, it's a password manager. Stored passwords don't have to be memorable, so they can be 20-character random gibberish. Length matters more than character variety past the basics — a 20-character all-lowercase passphrase has more entropy than a 10-character mixed-case-with-symbols password.
Read the guide
How Long Should Your Password Be in 2026?
Pairs well with
About Password Generator
Generate strong, secure random passwords instantly. Customise length, include symbols, numbers, and uppercase letters. All randomness comes from the browser's Web Crypto API.
Strong passwords have two properties: long enough that brute-force is infeasible, and random enough that they can't be guessed from public information. 16+ characters with mixed case, numbers, and symbols hits the modern 'computationally infeasible to crack' bar for offline attacks.
Randomness comes from `crypto.getRandomValues()` — cryptographic-grade. Length defaults to 16 (the NIST 2024 recommendation). For passwords you have to type, use 12-14 with a passphrase generator instead. For passwords stored in a manager, longer is always better.
Common questions
Should I use a password manager?
Yes. Generated passwords like these are best stored in a manager (1Password, Bitwarden, Apple Keychain) — typing them by memory defeats the point.
How long should my password be?
16 characters minimum for online accounts, 20+ for high-value ones (banks, primary email). Length matters more than character variety past a point.
Are these passwords saved?
No. The page never persists them. Once you generate one, copy it to your password manager.
Everything happens on your device. Close the tab and it's gone.