Strong Random Password Generator

A strong password generator creates high-entropy random passwords that humans would struggle to invent. The core problem with human-chosen passwords is predictability — people reuse names, dates, and common words, then add a single uppercase letter and a ! to satisfy the policy. Attackers know this, which is why password spraying and credential-stuffing attacks dominate breach data. A generator built on crypto.getRandomValues sidesteps human bias entirely and produces passwords that are genuinely unpredictable within the bits of entropy the generator provides.

Entropy is the right mental model. A password's strength is measured in bits — the logarithm of the number of guesses an attacker would need in the worst case. A fully random 14-character password drawn from 94 printable ASCII characters has about 92 bits of entropy, meaning a dedicated attacker needs roughly 2⁹² guesses to exhaust the space. A 12-word diceware passphrase lands at a similar level. Anything above about 60 bits is considered strong enough to resist offline cracking for decades; above 80 bits is excellent.

This generator runs in three modes. Random draws from uppercase, lowercase, digits, and symbols in whatever mix you choose, optionally excluding ambiguous characters like 0/O and 1/l/I that are easy to misread. Speakable alternates consonants and vowels to produce pronounceable strings, useful when you need to read a password over the phone at the cost of slightly lower entropy. Passphrase mode chains words from a diceware list, which balances strength with memorability — Correct-Horse-Battery-Staple is the canonical example from XKCD 936.

Privacy matters: this generator executes entirely in your browser using the native cryptographically-secure random number API. The page does not transmit, log, or store any generated password. A session history buffer keeps the last five passwords you've generated in this tab, but the data never leaves your device and is discarded when you close the page.

For anything important, pair this tool with a password manager. Bitwarden, 1Password, and Apple's iCloud Keychain all autofill generated passwords and let you store unique, strong passwords per site without having to remember them. The highest-value security upgrade most people can make is moving from reused passwords to one-strong-password-per-site via a manager.

1. Pick a mode. Random for maximum strength, Speakable when you'll read it aloud, Passphrase for memorability.
2. Set the length (or word count). For random, 16–24 characters is a good default. For passphrases, 5–6 words balances memorability against strength.
3. Choose your character classes. The broader the pool, the higher the entropy. Enable Exclude ambiguous if you'll have to type the password manually.
4. Check the strength meter. Aim for a green bar (≥ 60 bits) for important accounts and excellent (≥ 80 bits) for your master password.
5. Copy and store. Click Copy and paste straight into your password manager. Do not save passwords in a plain text file.

• Cryptographically-secure randomness via the Web Crypto API.
• Three modes: random, pronounceable, diceware passphrase.
• Live entropy estimate and strength meter.
• Ambiguous-character exclusion for easy manual entry.
• Session history (last 5 passwords, cleared on page close).
• Mask/unmask for shoulder-surfing protection.
• Zero network traffic — everything runs locally.