TypeParser

Password Generator

Strong passwords with live entropy.


About Password Generator

Generate cryptographically random passwords with live entropy and crack-time estimates. Toggle character classes — uppercase, lowercase, digits, symbols — or switch to passphrase mode for memorable EFF-style four-to-seven-word phrases. Bulk mode produces a list. Everything runs in your browser via crypto.getRandomValues.

What “strong” means

A strong password is unpredictable to an attacker who knows everything about how you generated it — except the random bits. The metric that matters is entropy: bits of randomness. Length helps, character classes help, but only if the value was drawn truly randomly. A 20-character password built from the alphabet of common words has less entropy than a 10-character random alphanumeric.

This generator only outputs values from a uniform distribution over the active alphabet. That keeps the entropy calculation honest.
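
One way to draw uniformly from an alphabet with crypto.getRandomValues and compute the matching entropy, as an added example (not this generator's own source). The function names and the sample symbol set are assumptions made for illustration; rejection sampling is used because a plain modulo skews the distribution and would overstate the entropy.

```javascript
// Added illustration, not the generator's own source. All names are hypothetical.
// Browsers expose globalThis.crypto; the fallback covers older Node.js runtimes.
const rng = globalThis.crypto ??
  (typeof require === "function" ? require("node:crypto").webcrypto : undefined);

// Uniform integer in [0, n) by rejection sampling.
// Plain `value % n` favours low indices whenever 2^32 is not a multiple of n.
function uniformIndex(n) {
  if (!Number.isInteger(n) || n < 1 || n > 0x100000000) {
    throw new RangeError("n must be an integer in 1..2^32");
  }
  const limit = Math.floor(0x100000000 / n) * n; // largest multiple of n <= 2^32
  const buf = new Uint32Array(1);
  do {
    rng.getRandomValues(buf);
  } while (buf[0] >= limit); // discard the biased tail and redraw
  return buf[0] % n;
}

// Build the active alphabet from character-class toggles.
function buildAlphabet({ upper = true, lower = true, digits = true,
                         symbols = false, avoidSimilar = false } = {}) {
  let chars = "";
  if (upper) chars += "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
  if (lower) chars += "abcdefghijklmnopqrstuvwxyz";
  if (digits) chars += "0123456789";
  if (symbols) chars += "!#$%&*+-=?@^_"; // constructed sample set
  if (avoidSimilar) chars = [...chars].filter((c) => !"Il1O0".includes(c)).join("");
  if (chars.length === 0) throw new Error("no character class selected");
  return chars;
}

// Each position is an independent uniform pick from the alphabet.
function generatePassword(length, alphabet) {
  let out = "";
  for (let i = 0; i < length; i++) out += alphabet[uniformIndex(alphabet.length)];
  return out;
}

// Entropy in bits of `count` independent uniform picks from `optionCount` options.
// Valid only because every pick above is uniform.
function entropyBits(optionCount, count) {
  return count * Math.log2(optionCount);
}
```

The same entropyBits call covers passphrases: pass the word-list size as optionCount and the number of words as count.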

Modes

  • Random characters — toggle uppercase, lowercase, digits, symbols. Avoid-similar drops Il1O0. Avoid-ambiguous drops symbols that some shells eat.
  • Passphrase — pick word count (4-8), separator, capitalization. Pulls from the EFF long word list (7,776 words ≈ 12.9 bits per word).
  • Hex / PIN / numeric — for systems that demand a specific charset.
  • Bulk — generate up to 100 at once. Each entry is independent.

Common workflows

Spinning up a new service. Generate a 32-char alphanumeric password for the database user, paste into your secret store, never type it again.

Migrating off shared passwords. Bulk-generate one per user, paste into a CSV, import to your IdP. The passwords are written once into the secret manager and never read by a human.

Master password rotation. Use passphrase mode — easier to remember during the few weeks you need it, before muscle memory takes over.

Why it stays in the browser

Any password you generate elsewhere is a password the generator’s host could log. Even when the site is honest, a compromised CDN or a malicious browser extension can steal what passes through. This generator runs only in your browser using the W3C-mandated CSPRNG. Open DevTools → Network → see the silence. Your passwords leave the page only when you copy them.

Frequently asked questions

Is the randomness cryptographically secure?
Yes. We use crypto.getRandomValues(), the browser's CSPRNG. Avoid any password generator that relies on Math.random() — its output is not unpredictable enough for security use.

How long should my password be?
For modern passwords protected by a slow hash (bcrypt, argon2), 12 random characters with mixed classes is usually enough. For master passwords or anything offline-attackable, 16-20 characters or a 6-word EFF passphrase. Live entropy is a better signal than length alone.

What is entropy?
Bits of unpredictability. A password drawn uniformly from N options has log₂(N) bits. 60 bits resists almost every casual attack; 80 bits is a sane target for high-value credentials; 128 bits is overkill but cheap.

Why use a passphrase instead of random characters?
Memorability. A 6-word passphrase from the EFF long word list is about 77 bits of entropy — comparable to a 12-character random password — and a human can actually recall it after a week. Trade-off: it is longer to type.

Are these passwords stored anywhere?
No. Generated passwords exist only on the page. No history, no telemetry, no clipboard logging. Reload, they are gone.

Is bulk generation safe?
Yes. We generate up to 100 at a time, all locally. Useful when seeding a new system with strong credentials. Save them straight into your password manager — never email or paste them into a document.

Last updated: 2025-01-15