🔐 Strong Password Generator

Password Generator
1. Choose type 2. Length/words 3. Options 4. Generate 5. Copy
Strength: — Estimated entropy: 0 bits
Tip: If “Only use” is filled, it overrides the ticked sets above.

Many results (Bulk)

Generate truly random passwords and memorable passphrases — private, secure and instant. Everything happens on your device.

Trust at a glance: CSPRNG ‱ Client-side ‱ No storage ‱ Copy & Hide ‱ Bulk output

Strong Password Generator Quick start

  • Choose Password or Passphrase.
  • Set length (or number of words).
  • Pick character sets (or separator/capitalise).
  • Press Generate.
  • Copy the result and Hide when done.
  • Optional: create bulk lists for onboarding or admin tasks.

Why this Password Generator is different

  • Cryptographically secure randomness (CSPRNG) — not Math.random.
  • Client-side only — we don’t send, store or log your secrets.
  • Unbiased enforcement — “at least one of each class” without skew, using a fair shuffle.
  • Readable strength — clear entropy (bits), alphabet size and a simple meter.
  • Password and passphrase modes for different needs.
  • Bulk generation with “Copy All” and CSV export (handle carefully).

Features

  • Length control: 8–128 (default 20).
  • Character sets: lower, upper, digits, symbols, plus “exclude ambiguous” (O/0, l/1, |, brackets).
  • Require one of each: meet stricter legacy rules without bias.
  • Custom allow/deny lists: fine-tune exactly which characters can appear.
  • Passphrase mode: 6–8 short words with your choice of separator; optional Capitalise/Number/Symbol; supports custom wordlists.
  • Bulk: generate 10–100 at once; copy or download as CSV.
  • Copy & Hide: one-tap copy; keep results masked by default.
  • Accessibility: keyboard shortcuts, clear focus states, screen-reader announcements.

Password vs passphrase — which should I choose?

  • Password: best for apps that demand symbols or mixed cases. Choose length ≄ 16; longer is stronger.

  • Passphrase: easier to remember, still strong. Use 7 words with hyphens or spaces; add a number or symbol if a site insists.

Entropy, at a glance

  • Strength is measured in bits of entropy.
    • ≄ 80: good
    • ≄ 100: strong
    • ≄ 128: very strong

  • Examples (approx.):

    • 16 characters, a–z A–Z 0–9 → ~95 bits
    • 16 characters, full printable ASCII → ~105 bits
    • 20 characters, a–z A–Z 0–9 → ~119 bits
    • 7-word passphrase (large list) → ~90+ bits

Handy presets

  • NIST-style long length: 24–32 characters, letters + digits, symbols optional.
  • Legacy site (symbols required): 16–20 characters, all classes, “require each” on, ambiguous excluded.
  • Memorable passphrase: 7 words, hyphen separator, Capitalise on.
  • PIN/Code: 6–10 digits (for devices that allow long PINs).

Best practice

  • Use a password manager and never reuse a password.
  • Favour length over needless complexity.
  • Only enable bulk when you truly need it; clear outputs afterwards.
  • Keep your browser/page over HTTPS before copying or pasting credentials.

FAQs – Password Generator

Q: Is this generator truly random?
A: Yes. It uses your browser’s cryptographically secure random number generator to sample characters uniformly.

Q: Do you store or send my passwords?
A: No. Generation is entirely client-side. We don’t transmit, log or analyse any generated values.

Q: What length should I use for a strong password?
A: Aim for 16–24 characters as a baseline; 20+ for high-value accounts. Longer generally means stronger.

Q: What’s a good passphrase configuration?
A: 7 words with a hyphen separator is a smart default. Turn on Capitalise if you prefer mixed case.

Q: What are “ambiguous characters” and why exclude them?
A: Look-alikes such as O/0, l/1, and various brackets. Excluding them reduces confusion without harming strength.

Q: Can I enforce “at least one of each character type”?
A: Yes. Enable Require one of each. We then sample fairly from each class and shuffle to avoid positional bias.

Q: How is strength calculated?
A: We estimate entropy (bits) from your length and alphabet size. The meter labels (Weak/Good/Strong/Very strong) map to common guidance thresholds.

Q: Can I generate multiple passwords at once?
A: Yes. Use Bulk to create 10–100 at a time. You can copy all or download as CSV. Handle exports with care.

Q: Does this work on mobile?
A: Absolutely. It’s mobile-friendly with large tap targets and keyboard support.

Q: Can I use my own wordlist for passphrases?
A: Yes. Paste one word per line. Larger lists increase entropy; the display updates accordingly.

Q: Is there a risk in copying to the clipboard?
A: Only copy over HTTPS and paste directly into your password manager or target app. Avoid leaving secrets in notes or chats.

Q: Why not just force symbols everywhere?
A: Symbols alone don’t guarantee strength. Length and uniqueness matter more than arbitrary complexity rules.

What’s new

  • Unbiased “require each class” implementation for legacy policies.
  • Bulk CSV export with one-click copy all.
  • Entropy meter with clear thresholds and alphabet size.
  • Passphrase improvements: capitalise option, number/symbol suffix, custom wordlists.

Related Calculators

Was this calculator helpful?

Rate your experience to help us improve.

Thanks for rating! See the average and total ratings above.

Not rated yet—be the first to rate this calculator.