16
1
StrengthStrong~103 bits
Create cryptographically secure, random passwords right in your browser. Choose the length and character sets, watch the live strength meter, and copy one or many with a single click. No sign-up, nothing stored.
A strong password is long, random, and drawn from a wide pool of characters. The more unpredictable characters it contains, the more combinations an attacker must try — a quantity measured as entropy in bits. Every extra character and every additional character set multiplies the work required to guess it.
This generator uses your browser's cryptographic random number generator with rejection sampling to keep the distribution perfectly even, then rates the result so you can see exactly how resistant it is to brute-force attacks before you use it.
Every character is drawn from crypto.getRandomValues with rejection sampling, so the output is unbiased and unpredictable.
Set the length from 4 to 64 and mix uppercase, lowercase, numbers, and symbols to fit any password policy.
A live entropy estimate in bits rates each password from Very weak to Very strong as you adjust the options.
Optionally drop look-alike characters (i, l, 1, L, o, 0, O) so passwords are easier to read and type.
Create up to 50 passwords at once and copy any single value or all of them together.
Passwords are generated entirely in your browser. Nothing is sent to a server, logged, or stored.
Drag the slider to set how many characters you want — longer passwords are exponentially harder to crack.
Enable uppercase, lowercase, numbers, and symbols. Turn on Exclude ambiguous to skip look-alike characters.
Watch the strength meter and entropy estimate update so you know the password meets your security needs.
Click Generate for fresh passwords, set how many you need, then copy a single one or use Copy All.
Yes. Each character is selected with the browser's crypto.getRandomValues using rejection sampling, which avoids the modulo bias that plagues simpler random pickers. The result is a uniform, unpredictable password.
No. Generation happens entirely in your browser. Passwords are never transmitted, logged, or saved anywhere — close the tab and they are gone.
For most accounts, 16 characters with mixed character sets is a strong default. For high-value secrets, go to 20 or more. The strength meter shows the entropy in bits so you can aim for Strong (80+) or Very strong (120+).
It estimates entropy in bits as length times the base-2 logarithm of the character-pool size. More length and a larger pool mean more bits, which is labelled Very weak under 40, Weak under 60, Fair under 80, Strong under 120, and Very strong at 120 or above.
It removes characters that are easy to confuse — i, l, 1, L, o, 0, and O — so the password is easier to read aloud or type by hand. It slightly shrinks the character pool, which the strength meter accounts for.
Each enabled character set enlarges the pool every position is drawn from, raising entropy per character. Combining uppercase, lowercase, numbers, and symbols makes a short password far harder to brute-force than letters alone.
Encrypt and decrypt text using AES encryption algorithm.
Generate MD5, SHA1, SHA256, and other hash values.
Decode and inspect JWT header, payload, and claims with an expiry check.
Create bcrypt and SHA htpasswd entries for Apache and nginx Basic Auth.