Are the passwords sent anywhere or stored?

Never. Every password and passphrase is generated locally in your browser and is never transmitted, logged or saved. Close the tab and it is gone for good.

Are the passwords actually random?

Yes. Randomness comes from the browser’s built-in crypto.getRandomValues (the Web Crypto API), and characters are drawn with rejection sampling so every option is equally likely — no modulo bias and no predictable Math.random.

What does the strength meter actually measure?

It estimates entropy: roughly the length multiplied by the log2 of the alphabet size (and for passphrases, the number of words times 8 bits each). More bits means exponentially more guesses to crack, which is why the label climbs from Weak to Excellent.

What does "exclude ambiguous characters" do?

It removes look-alikes that are easy to misread — capital O versus zero, and lowercase l versus 1, I and the pipe |. Handy when you will be typing the password by hand or reading it aloud.

Should I use a password or a passphrase?

A random password is the most compact way to pack in entropy, ideal when stored in a password manager. A passphrase like brave-cliff-July-dock7 is far easier to remember and type, which is great for logins you enter manually — both are strong when long enough.

Does it work on my phone?

Yes. The generator is fully responsive and runs in any modern mobile or desktop browser, with no app to install and nothing to sign up for.

Password Generator

Generate strong, random passwords and passphrases — fully in your browser.

Generators

Your files never leave your device.

How to use Password Generator

Pick password or passphrase

Use the toggle at the top to choose a classic random password or a memorable multi-word passphrase. A fresh secret appears instantly.
Dial in your options

For passwords, set the length (4–64) and turn character sets — lowercase, uppercase, digits, symbols — on or off. For passphrases, choose how many words, the separator, and whether to capitalize or append a number.
Check the strength meter

Watch the live meter estimate entropy in bits, from Weak up to Excellent, so you can tell at a glance how hard your secret is to guess.
Copy and use it

Hit Copy to grab the result, or Regenerate to roll a new one. Nothing is saved or sent anywhere — paste it straight into your password manager.

Key features

Generated entirely on your device with the Web Crypto API — passwords never leave your browser or touch a server
True randomness from crypto.getRandomValues with unbiased rejection sampling, never weak Math.random
Adjustable length (4–64) and toggleable lowercase, uppercase, digits and symbols
Memorable passphrase mode: choose word count, separator, capitalization and an optional number
Live strength meter that estimates entropy in bits, plus one-tap copy and regenerate
Completely free — no sign-up, no ads, no limits

About Password Generator

Create cryptographically strong, random passwords or memorable passphrases without anything ever leaving your device. Randomness comes from the browser's built-in Web Crypto API (crypto.getRandomValues) using unbiased rejection sampling — never weak Math.random or modulo-skewed output. Dial in the exact length, choose which character sets to include (lowercase, uppercase, digits, symbols), and optionally exclude look-alike characters such as O, 0, l, 1, I and |. Prefer something you can actually remember? Switch to passphrase mode to assemble several common words with your choice of separator, capitalization, and an appended number. A live strength meter estimates the entropy in bits so you always know how tough your secret is. No upload, no sign-up, no watermark — generation is 100% client-side.

Last updated 28 May 2026.

Frequently asked questions

Are the passwords sent anywhere or stored?: Never. Every password and passphrase is generated locally in your browser and is never transmitted, logged or saved. Close the tab and it is gone for good.
Are the passwords actually random?: Yes. Randomness comes from the browser’s built-in crypto.getRandomValues (the Web Crypto API), and characters are drawn with rejection sampling so every option is equally likely — no modulo bias and no predictable Math.random.
What does the strength meter actually measure?: It estimates entropy: roughly the length multiplied by the log2 of the alphabet size (and for passphrases, the number of words times 8 bits each). More bits means exponentially more guesses to crack, which is why the label climbs from Weak to Excellent.
What does "exclude ambiguous characters" do?: It removes look-alikes that are easy to misread — capital O versus zero, and lowercase l versus 1, I and the pipe |. Handy when you will be typing the password by hand or reading it aloud.
Should I use a password or a passphrase?: A random password is the most compact way to pack in entropy, ideal when stored in a password manager. A passphrase like brave-cliff-July-dock7 is far easier to remember and type, which is great for logins you enter manually — both are strong when long enough.
Does it work on my phone?: Yes. The generator is fully responsive and runs in any modern mobile or desktop browser, with no app to install and nothing to sign up for.