Utility

Password Generator

Generate strong, random passwords with adjustable length and character classes. All generation happens locally — nothing is sent to a server.

How to use this How is this calculated?

Preset

Password length12 is acceptable, 16+ is strong, 20+ is excellent. Above 32 hits diminishing returns.

Uppercase (A-Z)Lowercase (a-z)Digits (0-9)Symbols (!@#$…)Exclude lookalikes (Il0O)

Generating…

How to use

1
Pick a preset or set length + character classes manually.
2
Click the regenerate button to produce a fresh password — every click uses the browser's cryptographic randomness.
3
Higher entropy = harder to crack. NIST recommends a minimum of 60 bits for everyday accounts and 80+ for financial / admin accounts.
4
Click anywhere on the password to copy it. The password is never sent to a server.

Frequently asked questions

Entropy measures how many possible passwords could have been generated with the same rules. Higher entropy = larger search space for attackers. A 16-character mixed-case+digits+symbols password has ~104 bits of entropy — about 10^31 possible combinations.

12 chars is the rough modern floor (banks, social, mail). 16-20 for financial accounts and password manager master passwords. 24+ for crypto wallet recovery phrases / admin accounts. Length matters more than complexity — 20 random lowercase letters is stronger than 12 random mixed-case+digits+symbols.

Yes — it uses window.crypto.getRandomValues(), the browser's built-in cryptographically secure pseudo-random number generator (CSPRNG). Math.random() would NOT be secure for password generation (predictable seed). Always verify the URL is your-domain — phishing sites have shipped fake password generators in the past.

Yes — strongly. The only sustainable way to use unique 16+ character passwords on every site is a manager. Bitwarden (free, open source), 1Password, and ProtonPass are the popular choices. UAE residents: check the manager doesn't require offshore servers your employer blocks.

Passkeys (FIDO2 / WebAuthn) are replacing passwords on supporting sites (Apple, Google, Microsoft accounts in 2024-26). They're stored in your device's secure enclave and can't be phished. Use them where available. Strong passwords are still needed for the long tail of sites that don't yet support passkeys.

Help us improve this calculator

What's missing or wrong? What would make this more useful for you? Every suggestion lands in our inbox.

Related tools

Word Counter

Live word, character, sentence, reading-time stats

Roman Numerals

Arabic to Roman and back, 1 to 3,999,999 with Vinculum

Random

Integers or decimals, with or without duplicates

Days Between

Count days, weeks and months between any two dates

Source: Strength labels per NIST SP 800-63B entropy guidelines · Last verified 2026-06. NIST SP 800-63B. This tool provides estimates only and is not legal, tax or financial advice. Always verify your specific situation with the relevant UAE authority or a licensed advisor before taking action.