Password Generator
Generate cryptographically secure passwords with full control over length, character sets, and formatting. Passwords are generated and stay entirely in your browser — nothing is ever sent to a server.
Character sets
Uses crypto.getRandomValues() — cryptographically secure. Passwords are never sent anywhere.
Why crypto.getRandomValues()?
Unlike Math.random(), which is a pseudorandom number generator not suitable for security, crypto.getRandomValues() uses the operating system's cryptographically secure entropy source — the same source used by security-critical software.
How long should a password be?
NIST guidelines (SP 800-63B) recommend at least 15 characters for human-chosen passwords. For machine-generated passwords stored in a password manager, 20+ characters with all character sets gives effectively infinite security.
When to exclude ambiguous characters
Useful when passwords are typed manually or printed, since I/l/1 and O/0/o are easily confused. For passwords that are always copy-pasted or stored in a password manager, leave this off to maximise entropy.
