Secure Random Password Generator
Generate cryptographically-secure random passwords with configurable length (4–128), character classes (upper, lower, digits, symbols), ambiguity exclusion and uniqueness. Shows entropy in bits and strength rating. Powered by Web Crypto API, fully local.
Usage
Generates cryptographically secure random passwords with crypto.getRandomValues, using rejection sampling to eliminate modulo bias.
When multiple character classes are enabled, the result contains at least one character from each class, then is shuffled with Fisher-Yates.
Entropy estimation (bits) = length × log₂(pool size):
- < 28 bits: very weak, instantly cracked;
- 28 – 50 bits: weak;
- 50 – 80 bits: moderate;
- 80 – 128 bits: strong, resistant to today's brute force;
- ≥ 128 bits: very strong, matches AES-128 key strength.
Increasing length has far higher marginal value than expanding the character set.
Use cases
FAQ
How is the password generated, and is it uploaded?
Using the browser's crypto.getRandomValues — cryptographically secure randomness, generated entirely locally.
How long is long enough?
Important accounts: ≥ 16 chars with mixed classes. ≥ 80 bits of entropy resists current brute-force compute.
How is the strength rating computed?
Information entropy (bits) = length × log₂(pool size). Length wins over class diversity for marginal entropy gain.
Which look-alike characters are excluded?
0 / O / o, 1 / l / I / i — characters easily confused by eye.