TechCompare LogoTechCompare
Back to Home

Password Generator

Generate secure passwords.

Configuration

16
...
Select at least one character type
Strength
Strong
Entropy
104 bits
Time to Crack
3.22e+3 billion years

Estimate based on 100 billion attempts/sec (modern GPU using bcrypt/SHA-256). Actual time varies with hardware and algorithm.

How to use this tool

  1. Set the password length

    Choose a length of 16 characters or more for a password that resists brute-force attacks on modern hardware. Longer is always stronger, with diminishing returns past 20 characters.

  2. Select character classes

    Toggle uppercase letters, lowercase letters, numbers, and symbols. Including all four classes maximizes entropy. The generator draws every character from the browser's crypto.getRandomValues() CSPRNG.

  3. Generate the password

    Click generate to produce a fresh cryptographically random password. Nothing is sent over the network, stored, or logged. Close the tab and the password is gone from memory.

  4. Copy and store in a password manager

    Copy the password to your clipboard and paste it into a password manager like Bitwarden, 1Password, or Apple Passwords. Never reuse a password across accounts, and enable 2FA wherever possible.

About this tool

The Password Generator produces cryptographically random passwords of any length, with customizable character classes including uppercase, lowercase, numbers, and symbols. It runs entirely in your browser. Every character is drawn from the browser's native crypto.getRandomValues() API, which is the same CSPRNG source used by TLS handshakes and Web Crypto key generation. That means the outputs are suitable for real secrets, not just demo data.

Use it to create master passwords for a password manager, one-off tokens for development, seed values for environment variables, or fresh recovery codes. Because nothing leaves your machine, it's safe to use on shared networks, work laptops with strict DLP policies, or air-gapped environments where external password-generator services aren't an option.

How it works

Random bytes are pulled from crypto.getRandomValues() and mapped to a character set you select. Longer passwords with more character classes have exponentially more possible values, measured in bits of entropy: 16 characters from a 90-character alphabet gives about 104 bits of entropy, well beyond brute-force reach for today's hardware.

When to use it

Any time you need a new credential: a new account, an API key for a script, a recovery passphrase, or a one-off token for a test environment. Pair with the Encoding Converter if you need the password Base64-encoded for an environment file, and the JSON Formatter when embedding credentials into a structured config.

Frequently asked questions

How long should a secure password be?
16 characters or more, drawn from uppercase, lowercase, numbers, and symbols. A 16-character mixed password is currently impractical to brute-force with commodity hardware, while 8-character ones can be cracked in hours by modern GPUs.
Is the generated password actually random?
Yes. The generator uses the browser's crypto.getRandomValues(), a cryptographically secure random source backed by OS entropy. The output is suitable for production password managers, API keys, and seed phrases.
Is my password saved anywhere?
No. The entire generator runs in your browser, with no network requests, no logging, and nothing stored. Close the tab and the password is gone from memory. Check your browser's Network tab to verify there are no outbound calls when a new password is generated.
What's the difference between a passphrase and a password?
A passphrase is a string of dictionary words (like "correct-horse-battery-staple"), long but memorable. A password is usually shorter with mixed character classes (like "Kx9$mQ2!pR"). Passphrases are typically stronger per character of memory effort, and this tool generates both styles.
Should I use the same password everywhere?
Never. Use a password manager (Bitwarden, 1Password, Apple Passwords) and generate a unique strong password for every site. Password reuse is the single biggest cause of account takeover. One breached service leaks the credential, and every other account using it is automatically compromised.
How often should I change my passwords?
Modern guidance (NIST SP 800-63B) says don't rotate strong unique passwords on a schedule. Only change them if you suspect compromise. Forced rotation encourages weak, incremented passwords. Strong password + password manager + 2FA is safer than any rotation policy.

Related tools

Text Encoding Converter

Convert between Text, Base64, Binary, Hexadecimal, and Decimal formats.

Use tool ➜

Unix Timestamp

Convert between Unix timestamps and human-readable dates.

Use tool ➜

JSON Formatter

Validate, format, and minify JSON data with syntax highlighting.

Use tool ➜

Contrast Checker

Check color contrast ratios for WCAG AA/AAA accessibility compliance.

Use tool ➜