Free Online Password Generator

Why use Password Generator

• Uses crypto.getRandomValues() -- the same cryptographic RNG professional password managers rely on, not Math.random().
• Real-time entropy meter shows bit strength so you can make an informed decision about length.
• Character-type toggles let you work around sites that reject symbols or enforce maximum lengths.

How it works

The generator builds a character pool from the enabled types: 26 uppercase letters, 26 lowercase, 10 digits, and ~32 symbols. For each position, crypto.getRandomValues() produces a secure random integer, and modular arithmetic selects a character from the pool uniformly at random. Entropy = log2(pool_size) * length. The strength meter maps ranges to labels: below 40 bits is weak, 40-59 fair, 60-79 strong, 80+ very strong.

About this tool

Signing up for a new service and need a password that is not "password123"? Set the length from 4 to 128 characters, toggle uppercase, lowercase, numbers, and symbols on or off, and get a cryptographically random string powered by crypto.getRandomValues -- the same randomness source that 1Password and Bitwarden use. A real-time entropy meter shows the bit strength before you copy. Sixteen characters with all four types enabled gives roughly 105 bits of entropy -- a brute-force attack would need 2^105 attempts. Sixty bits is adequate for everyday accounts; 80+ is recommended for master passwords and encryption keys. Disabling symbols is useful when a CI/CD config file or YAML manifest will break on special characters. Bumping length to 32+ is the move for database superuser passwords and API signing keys. A fresh password appears whenever you change a setting. Click regenerate to cycle through options until you find one that works.

How to use Password Generator

1. Set the length. Drag the slider or type a number. Default is 16 characters, which covers most accounts. For master passwords or encryption keys, use 24+.
2. Choose character types. Toggle uppercase (A-Z), lowercase (a-z), numbers (0-9), and symbols on or off. Disable symbols if the target system rejects special characters.
3. Check entropy. The bit-strength readout below the password updates as you adjust settings. Aim for 60+ bits for everyday use, 80+ for critical accounts.
4. Regenerate if needed. A fresh password appears every time you change a setting. Click the regenerate icon to cycle through options with the same configuration.
5. Copy to your password manager. Click Copy and paste the result directly into your password manager's new-entry field. Do not store it in a plain text file.

Use cases

• Setting up a new PostgreSQL database and generating a 32-character superuser password for the team vault.
• Creating CI/CD service account credentials with letters and numbers only to avoid shell-escaping headaches in YAML.
• Migrating from a reused password to unique ones per site -- generating 16-character passwords for each account.
• Creating a high-entropy signing key for webhook verification.
• Generating a temporary shared password for a staging environment that will be rotated after QA.