Is this password generator safe to use online?

Yes. All generation happens in your browser using the Web Cryptography API. The generated passwords are never sent to our servers and never appear in any log.

What characters are included in the symbol set?

The symbol set is !@#$%^&*()-_=+[]{};:,.<>?/~ . These are widely accepted by password fields and avoid quote characters that frequently break shell scripts.

Why generate multiple passwords at once?

Useful when you're bulk-resetting accounts, seeding a database with test credentials, or generating one-time codes. The "Download .txt" button writes them all to a plain text file.

What does "Require one of each set" do?

It guarantees at least one character from each enabled character set appears in every generated password. Some sites require this, even though it doesn't meaningfully improve strength.

Password Generator

Generate strong, random passwords in your browser. Customize length, character sets, and bulk-generate. Nothing leaves your device.

Runs entirely in your browser. Nothing is sent to our servers.

About this tool

This password generator uses your browser's crypto.getRandomValues() — a cryptographically secure random source — to pick characters from the sets you select. Generation happens entirely in your tab, so the passwords never travel over the network.

How to pick a good password

Length beats complexity. A 20-character password from a mixed set is overwhelmingly stronger than a 10-character one with the same set, regardless of symbols.
Use a password manager. Strong passwords only help if you don't reuse them, and you can't memorize a unique 20-character string for every site.
Skip "exclude ambiguous" when typing isn't a concern. Removing characters reduces entropy slightly. Only enable it if you'll be reading the password off a screen and typing it.

Strength estimate

The strength bar below the output is a rough entropy estimate based on length and the size of the character pool. It's a guide, not a guarantee. For real-world threat modelling, an attacker's cost depends on how the hash is stored at the destination service.

Frequently asked questions

Is this password generator safe to use online?: Yes. All generation happens in your browser using the Web Cryptography API. The generated passwords are never sent to our servers and never appear in any log.
What characters are included in the symbol set?: The symbol set is !@#$%^&*()-_=+[]{};:,.<>?/~. These are widely accepted by password fields and avoid quote characters that frequently break shell scripts.
Why generate multiple passwords at once?: Useful when you're bulk-resetting accounts, seeding a database with test credentials, or generating one-time codes. The "Download .txt" button writes them all to a plain text file.
What does "Require one of each set" do?: It guarantees at least one character from each enabled character set appears in every generated password. Some sites require this, even though it doesn't meaningfully improve strength.

Last updated: May 17, 2026

About this tool

How to pick a good password

Strength estimate

Frequently asked questions

Related tools