Create Strong Passwords, Passphrase Mode & Strength Analyzer

Strong, random passwords with full character control, custom characters, strength analysis and crack-time estimates. Runs entirely in your browser.

Click "Generate" to start

Length 20

Lowercase a–z Uppercase A–Z Digits 0–9 Symbols !@#$%&*? Special ()[]{}<>… Extended ©®™§¶ Exclude similar 0 O l 1 I 5 S

Custom characters (optional, added to the pool)

How to use the Password Generator

Adjust the length slider (4 to 128 characters). Most security guidelines recommend at least 16 characters; 20+ is excellent.
Pick the character types you want included: lowercase, uppercase, digits, symbols, extended characters. Each adds more variety to your password.
Optionally enter custom characters in the dedicated field, anything you type will be added to the mix.
Toggle Exclude similar to remove easily confused characters (0, O, 1, l, I, 5, S) when the password may be written by hand.
Click Generate Password. The strength bar updates in real time: aim for the green or violet zone for important accounts.
Use the copy icon (📋) or regenerate icon (↻) to keep iterating until you have one you like.

Understanding the strength score

The strength score measures how unpredictable your password is. The longer it is, and the more types of characters it includes, the harder it is for anyone to guess. A 12-character password using a full mix of characters already offers good security; a 20-character password from the same set is excellent, well into the quantum-ready zone.

Privacy notes

Generated passwords and analysis text stay in the active browser tab. The tool does not upload them, and the short optional history exists only so you can compare recent generations while the page is open. Clear the history before leaving a shared computer, then close the tab to remove the temporary session data.

Strength levels

Weak: Can be guessed in hours to days by a determined attacker. Suitable only for low-stakes throwaway accounts.
Fair: Reasonable for most personal accounts, especially when combined with two-factor authentication.
Strong: Practically unguessable with today's technology. The right level for important accounts and password manager master passwords.
Quantum-ready: Strong enough to be safe even against future, more powerful computers. Recommended for long-term secrets and high-value accounts.

Frequently asked questions

Is this password generator really secure?

Yes. The generator uses your browser's built-in secure random number generator, the same one used by reputable password managers and secure websites. Every password is created entirely in your browser and never sent anywhere. The page also works offline once it has loaded. To turn a WiFi password into a scannable QR code, see the QR Code Generator. If you also need to generate a checksum, the Hash Generator computes MD5, SHA-256, SHA-512 and more directly in your browser. Your data is never used to train AI models or improve machine learning systems.

What does "quantum-ready" mean?

Quantum computers are a new type of machine that, if ever built at large scale, could crack passwords much faster than today's computers. Quantum-ready means your password is long and complex enough to be safe even against that future threat. The strength bar shows when you have reached that level.

How is the crack time calculated?

The estimate assumes a powerful computer trying every possible combination at very high speed, the kind of attack a determined hacker with specialized equipment could attempt. The displayed time is how long it would take on average to guess your password that way. Treat it as a comparison signal rather than a guarantee: leaked-password reuse, phishing and malware can defeat even a mathematically strong password.

Why is character history hidden by default?

Passwords are sensitive even after you've copied them. Hiding the history reduces the risk of someone glancing at your screen. Each entry can be revealed individually with a click, copied, or deleted. The history is saved only on your device (never sent anywhere) and you can clear it entirely at any time.

What does "exclude similar characters" do?

It removes easily confused characters like 0, O, 1, l, I, 5, S. This is useful when a password may be written by hand or read from a printed page, since these characters look alike. The trade-off is a slightly reduced variety of characters, which has negligible impact on security for passwords of 16 characters or more.

Should I reuse this password on multiple sites?

No, never. Even a perfectly random 30-character password becomes worthless if a single site you used it on is breached. Use a different password for every account, store them in a reputable password manager (NordPass, Bitwarden, 1Password, KeePassXC), and enable two-factor authentication wherever possible. The strongest password you can remember is "the one your password manager generated for you". Note that some websites encode login details in a format called Base64, that encoding does not protect them from being read. Use the Base64 Encoder & Decoder to inspect or decode such content.

What is a passphrase and when is it better than a random password?

A passphrase is a sequence of four or more random words, for example "orange mountain circuit delay". It is easier to memorize than a string of random characters while still being statistically strong, because the strength comes from the number of words rather than from complex symbols. A four-word passphrase drawn from a large word list has over 50 bits of entropy, which is comparable to a 10-character random password using the full character set. Passphrases are especially useful for the few credentials you need to type by hand, such as the master password for your password manager, your device unlock code, or accounts on devices without a keyboard. For everything else, a fully random character password stored in a manager is the stronger choice. This tool generates both styles so you can pick the one that fits your situation.

Back to All Tools