What this tool does
Generate strong passwords using the browser’s crypto-quality random source (crypto.getRandomValues). Configure length, character sets, and ambiguity exclusion to match the destination service’s rules. Nothing is uploaded or stored.
How to use it
Pick a length, toggle character sets (lowercase, uppercase, digits, symbols), optionally exclude visually ambiguous characters (0/O, l/1), pick how many to generate, click Generate.
The result is guaranteed to include at least one character from each enabled set, then padded from the combined pool and shuffled.
Limits and edge cases
- Entropy is shown so you can compare options. A 16-character password from a 62-char pool (alphanumeric) is ~95 bits — far above any practical brute-force threshold.
- Symbols are off by default because many services reject specific symbols. Turn them on if your password manager and the destination accept them.
- Exclude ambiguous drops 0/O/o/1/l/I — useful when the password will be read aloud or transcribed.
- For high-entropy passphrases (multiple random words instead of gibberish), a Diceware tool is a better fit; this one generates traditional character passwords.
Frequently asked questions
- Is the random source cryptographic?
- Yes. Selection uses crypto.getRandomValues, which browsers back with a CSPRNG. Modulo bias is avoided via rejection sampling.
- Is anything sent to a server?
- No. Passwords are generated locally and never leave your machine.
- Why won't generation work with all sets disabled?
- There needs to be at least one set to pick characters from. The tool refuses an empty pool rather than silently picking something.
- What length should I use?
- 16+ for most accounts; 24+ for long-lived keys or master passwords. Length matters more than 'complexity' — a longer alphanumeric password beats a shorter one with symbols.
- Can I exclude additional characters?
- Not via UI right now. If you need that, copy the generated value and edit. Future versions may add a denylist.