Home
🔐 New Tool

Strong Password Generator

Cryptographically secure passwords in one click. Pick a length, hit generate, copy. Browser-only, nothing stored.

Your password
Click a length preset above and hit "Generate Password" to begin.
No password yet 0 bits
⚡ Quick length presets
characters
🔤 Character types

📌 5 Tips for strong passwords

Frequently Asked Questions

What makes a password strong?

A strong password has three properties: length (12+ characters is the modern minimum, 16+ is better), entropy (a mix of uppercase, lowercase, numbers, and symbols), and uniqueness (never reused across sites). A 12-character password with all 4 character classes has about 79 bits of entropy — strong enough to resist brute-force attacks for centuries. A 16-character password is even better: ~106 bits, which is unbreakable by current technology. This generator lets you pick 8, 12, 16, 20, 24, or 32 characters with all 4 character classes enabled by default.

Is this password generator cryptographically secure?

Yes. The tool uses the browser's built-in crypto.getRandomValues() API, which is the same source of randomness used by password managers like 1Password and Bitwarden. It is NOT the same as Math.random(), which is predictable. The password is generated entirely in your browser — nothing is sent to a server, nothing is logged, nothing is stored. You can verify this by opening the browser DevTools Network tab and generating a password: you will see zero network requests for the generation itself.

Why do some sites require exactly 12 characters?

Many major sites (banks, government portals, enterprise SaaS) have minimum-length requirements between 8 and 16 characters, with 12 being the most common 2024-2026 standard. NIST Special Publication 800-63B recommends a minimum of 8 characters but encourages 12+ for human-memorable passwords. Some sites also enforce maximum lengths (16-64) to prevent buffer-overflow attacks on legacy systems. The 12-character preset on this tool is one click, with uppercase, lowercase, numbers, and symbols pre-enabled — it meets virtually every site's password policy.

How do I remember a 32-character password?

You don't — and you shouldn't try. The whole point of a 32-character password is that it's too long to memorize, so you store it in a password manager (1Password, Bitwarden, Apple Passwords, Google Password Manager). You only need to remember the master password for your password manager, which is the only password you should ever try to memorize. For the master password, a 20-character memorable passphrase (like 'Purple-Tacos-Run-Quickly-42!') is far stronger than a 12-character random string and easier to recall.

What is a 32-character key used for?

A 32-character key (or 256-bit key in hex) is the standard encryption key length for AES-256, which secures file encryption, VPN connections, SSH keys, cryptocurrency wallets, and database credentials. Generating a 32-character password with this tool is equivalent to generating a 256-bit key — the character set (94 printable ASCII characters) makes it cryptographically interchangeable with a true 256-bit random key. Use the 32-character preset for: API keys, encryption passphrases, SSH key passphrases, recovery codes, and root database passwords.

Should I include symbols in my password?

Length matters more than symbol complexity. A 16-character password with only lowercase letters is stronger than a 12-character password with uppercase, lowercase, numbers, and symbols — the length difference (4 extra characters) provides more entropy than the character-class difference. However, since most sites require at least one symbol, the practical move is to keep symbols on (the default here) and prioritize length. For maximum entropy at a given length, enable all 4 character classes — every additional character class adds log2(set_size) bits per character, which compounds with each character of length.

Disclaimer: This password generator runs entirely in your browser. We do not see, store, transmit, or log any passwords you generate. For maximum security, use a reputable password manager (1Password, Bitwarden, Apple Passwords) to store the passwords this tool creates. Not a substitute for enterprise identity-management systems.