Generate cryptographically secure passwords with customisable length and character sets. ✓ 100% client-side
Character Sets
Yes. All randomness comes from window.crypto.getRandomValues(), which uses the operating system's cryptographically secure random number generator (CSPRNG). Math.random() — which is not cryptographically secure — is never used.
No. Everything runs entirely in your browser using vanilla JavaScript. No data is ever transmitted to a server, logged, or stored anywhere. Your passwords never leave your device.
For most accounts, 16–20 characters with mixed character sets is considered very strong. For high-value targets (banking, email, password managers), 24+ characters is recommended. Longer is always better when a password manager is involved.
It removes characters that look visually similar in certain fonts: l (lowercase L), 1 (one), I (capital i), O (capital o), 0 (zero), and o (lowercase o). Useful when you need to type or read a password manually.
Strength is scored on a combination of password length and the number of character set categories used (uppercase, lowercase, digits, symbols). Longer passwords with more varied character sets score higher.