Is this password generator secure?

Passwords are built from random bytes from crypto.getRandomValues, which is suitable for cryptographic use in modern browsers. Generation happens only on your device.

What if I uncheck all character types?

At least one character set must stay enabled. The tool will show a message and keep generation disabled until you select uppercase, lowercase, numbers, or symbols.

How long should my password be?

Modern guidance favors longer passwords or passphrases. Many experts suggest at least 12–16 characters for general accounts, and more for high-value accounts, combined with a password manager.

Does this site store my password?

No. The generator runs entirely in your browser; generated passwords are not sent to any server by this page.

Password Generator

Create random passwords using crypto.getRandomValues. Nothing is sent to a server; generation stays in your browser.

Length 16

Character sets

Uppercase (A–Z) Lowercase (a–z) Numbers (0–9) Symbols (!@#$…)

Strength —

What makes a strong password?

Strength comes from three ideas working together: length (more characters mean more guesses for an attacker), entropy (true unpredictability from a good random source), and diversity (drawing from several kinds of symbols widens the search space). A long random password from several character classes is usually harder to crack than a short “clever” pattern.

NIST password guidelines (high level)

Modern NIST-oriented advice stresses length and usability over rigid composition rules (like forced special-character gymnastics every 90 days). Long passphrases or randomly generated passwords from a password manager often beat short passwords with arbitrary complexity requirements. Check your organization’s policy for exact rules.

How to store passwords

Use a reputable password manager to generate, store, and autofill unique passwords per site. Enable multi-factor authentication where available. Never reuse passwords across important accounts, and avoid storing secrets in plain text files or unencrypted notes.

Frequently asked questions

Is this password generator secure?: This page uses crypto.getRandomValues to sample indices, which is the recommended API for cryptographic randomness in the browser. Passwords are not uploaded by this tool.
What if I uncheck all character types?: Generation is disabled until at least one set (uppercase, lowercase, numbers, or symbols) remains selected.
How long should my password be?: For most web accounts, aim for at least 12–16 random characters, or longer for high-value data. Prefer unique passwords per site plus a password manager.
Does this site store my password?: No. The script only runs locally in your tab; there is no password submission step in this generator.

What makes a strong password?

NIST password guidelines (high level)

How to store passwords

Frequently asked questions

Related tools