Security tool

Password Generator

This password generator builds a strong, random password right in your browser. Set the length, pick which character types to include, and you'll get a fresh password you can copy in one click. It uses your browser's cryptographic random source, so there's no pattern to guess, and nothing you generate is ever sent anywhere or stored. Pair it with a password manager and you're set.

Truly random
Any length
Letters, numbers, symbols
Strength meter
Private in your browser

Last updated June 17, 2026 Nothing leaves your device Reviewed by the Calcowa team

Your password

Px7!kQ2m...

Very strong

Entropy

105 bits

Length

Time to crack

centuries

Length 16

Uppercase (A to Z) Lowercase (a to z) Numbers (0 to 9) Symbols (!@#$...)

Exclude ambiguous characters (l, 1, O, 0)

The basics

What makes a strong password?

Strength comes down to how many passwords an attacker would have to try, and that grows with both length and the variety of characters. Mix uppercase, lowercase, numbers, and symbols across 16 characters and there are roughly 94 to the 16th power combinations, which this password generator measures as about 105 bits of entropy. Every extra character multiplies the work, so length beats clever letter swaps. Because the tool draws from your browser's cryptographic random source, the result has no pattern a cracking program could lean on, and it all stays on your device. You don't have to trust a server, since there isn't one in the loop, and that's the whole idea behind doing it client-side.

entropy = log2(pool) × length

Step by step

Making a password you can trust

Here's the quick routine. It's the same whether you're opening a new account or rotating an old one, and it'll take about ten seconds:

1
Set a good lengthSlide to 16 or more characters; longer is stronger, so go as high as the site allows.
2
Keep the variety onLeave uppercase, lowercase, numbers, and symbols enabled unless a site rejects symbols.
3
Copy it onceHit copy and paste it straight into your password manager, not a sticky note.
4
Use a fresh one each timeGenerate a new password for every account, so one leak doesn't unlock the rest.

Quick reference

Length, entropy, and strength

Here's the entropy for a full mix of all four character types, a 94-character pool, at common lengths. More bits means more guesses, so it's the number worth watching. If you're not sure where to land, 16 is a great default, and you'll rarely need a reason to go lower.

Length	Entropy	Strength
8	52 bits	Fair
12	79 bits	Good
16	105 bits	Very strong
20	131 bits	Very strong
24	157 bits	Very strong

FAQ

Frequently asked questions

It builds a pool from the character types you turn on, then draws each character at random from that pool using your browser's cryptographic random source, not a predictable one. The result is a fresh password that doesn't follow any pattern. Everything happens on your device, so the password never travels over the network, and nobody else ever sees it.

Length and variety. A longer password with uppercase, lowercase, numbers, and symbols has far more possible combinations, which is what makes guessing it impractical. The tool measures this as entropy in bits, and more bits is better: under 50 is weak, around 70 is solid, and 100 or more is excellent. A 16-character mix lands near 105 bits, which is plenty for any account.

Aim for at least 16 characters for important accounts, and longer where a site allows it. Each extra character multiplies the guesses an attacker needs, so length matters more than swapping an a for an @. If a site caps the length, use the maximum it permits and lean on all four character types to keep the entropy high.

Yes. The generator runs entirely in your browser with no server call, so the password isn't sent or stored anywhere, and it's gone when you close the tab. For the best habit, paste it straight into a password manager. That way you get a strong unique password per site without having to remember any of them.

Symbols add a lot of strength, so keep them on unless a site rejects them. The exclude-ambiguous option drops look-alikes like the letter l, the number 1, the letter O, and zero, which helps when you'll type or read the password aloud. It trims the pool a little, but a slightly longer password makes up the difference.

Yes, it's free with no sign-up, no limit, and nothing to install, since it runs in the page. You can generate as many as you want, and none of them are logged. Bookmark it and you'll have a quick, private way to spin up a strong password whenever you open a new account or rotate an old one.

Keep going

Related tools

More text and developer utilities.

Word counter

Words, characters, reading time.

All dev tools

Text and developer utilities.

All calculators

Browse every Calcowa tool.

Securing an account?

Generate one above, or browse all the dev and text tools.

Dev Tools