Password Generator
Strong, random passwords generated entirely in your browser.
Create strong, random passwords with full control over length, character types, and ambiguous characters — and generate several at once. Each password is built with the Web Crypto API, the cryptographically secure random generator built into your browser.
Nothing is ever sent to a server, logged, or stored. The strength meter shows the entropy in bits and an estimated time to crack.
📖 Read the guide: How Strong Is My Password? (Entropy, Crack Time, and Best Practices)
100% freeNo sign-up No data leaves your browserPrivacy
Formula
Entropy
bits = length × log₂(charset size)
More length and more character types mean exponentially more combinations.
Strength
<40 weak · 40–59 fair · 60–79 strong · ≥80 very strong
Bits of entropy; 80+ is effectively uncrackable with today's hardware.
How to use the password generator
- 1Set the length and choose which character types to include.
- 2Optionally exclude ambiguous characters (0, O, l, 1, I) and set how many to generate.
- 3Copy any password with one click, or press Regenerate for a fresh set.
Examples
| Example | Input | Result |
|---|---|---|
| Default | 16 chars, all types | ~104 bits · centuries |
| Max | 128 chars, all types | very strong |
| Batch | count = 10 | 10 passwords at once |
What makes a password strong
Two things: length and character variety. Each additional character multiplies the number of possible combinations, and each character type you add (uppercase, lowercase, numbers, symbols) enlarges the alphabet. A 16-character password drawn from all four types has on the order of 10²⁸ combinations — far beyond what any attacker can brute-force. The strength meter quantifies this as bits of entropy: every extra bit doubles the guessing effort.
Generated in your browser, never sent anywhere
This generator uses window.crypto.getRandomValues(), a cryptographically secure random number generator standard in every modern browser. The passwords are created locally and never transmitted, logged, or stored — not even by us. That's the whole point of Numvella's privacy-first design: sensitive values like passwords stay on your device.
Use a password manager
Strong, unique passwords are only practical if you don't have to remember them. Generate a different password for every account and store them in a reputable password manager. Modern guidance (NIST) favours long, unique passwords over forced periodic changes — change a password when there's evidence of compromise, not on a fixed schedule.
Frequently asked questions
How do I create a strong password?
A strong password is at least 16 characters long and combines uppercase letters, lowercase letters, numbers, and symbols. Avoid dictionary words, names, and predictable patterns. Use a unique password for every account and store them in a password manager.
How is password strength measured?
Password strength is measured in bits of entropy — the mathematical unpredictability of the password. Each bit of entropy doubles the number of guesses required to crack it. A password with 80+ bits of entropy (e.g., 16 random characters from a full charset) would take centuries to crack with current hardware.
Is this password generator safe to use?
Yes. Passwords are generated entirely in your browser using the Web Crypto API — a cryptographically secure random number generator built into every modern browser. No password is ever sent to any server, logged, or stored.
What makes a password hard to crack?
Length and character variety. A 16-character password using all character types has ~10²⁸ possible combinations. Even at 10 billion guesses per second, cracking it would take longer than the age of the universe.
Should I use symbols in my password?
Yes, if the site allows it. Adding symbols increases the character set from ~62 to ~94 characters, adding roughly 7 bits of entropy per character — significantly harder to crack.
What is the difference between a random password and a passphrase?
A random password uses a mix of characters (e.g., "k#9mXp!2"). A passphrase uses random words (e.g., "correct-horse-battery-staple"). Both can be equally strong; passphrases are easier to remember but require more words for equivalent entropy.
How often should I change my passwords?
Modern security guidance (NIST 2024) recommends changing passwords only when there is evidence of compromise — not on a fixed schedule. Using a unique, strong password for every account matters more than frequent changes.
Can I generate multiple passwords at once?
Yes — set the Count field to up to 10. This is useful when you need passwords for multiple accounts at once or want to pick your favorite from several options.
Embed this calculator
Add the Password Generator to your own website — free. Copy and paste this snippet:
<iframe src="https://numvella.com/embed/password-generator" width="100%" height="460" style="border:1px solid #e2e8f0;border-radius:12px" title="Password Generator — Numvella" loading="lazy"></iframe>