About Password Generator

Generates random passwords with configurable character sets, length, and exclusion rules. Shows entropy in bits and estimated brute-force time assuming 1 billion guesses per second\u2014a reasonable estimate for offline GPU attacks against unsalted hashes.

  • Guarantees at least one character from each enabled class (uppercase, lowercase, digits, symbols)
  • \u201cExclude similar\u201d removes i, l, 1, L, o, 0, O\u2014useful for passwords you\u2019ll read aloud or type manually
  • Entropy calculation: log\u2082(charset_size ^ length). A 16-character password with full charset yields ~105 bits
  • Strength meter uses length, character variety, and pattern detection (repeated chars, sequential runs)

Frequently Asked Questions

How long should my password be?
16+ characters with mixed types puts you above the 80-bit entropy threshold where brute force becomes impractical. For high-value accounts, 20+ is better. Length matters more than complexity.
Is Math.random secure enough for passwords?
For most use cases, yes. It\u2019s not cryptographically secure (crypto.getRandomValues would be), but the practical difference only matters if an attacker can predict your PRNG state\u2014which requires browser process access, at which point they can read the password directly.

More Generators Tools

All Generators tools