MUTools

Password Generator

Password Generator builds secure password strings right in your browser. You can fine-tune the length, the mix of uppercase / lowercase / digits / symbols, exclude look-alike characters, and generate up to 20 passwords at once when you need to roll many credentials in one go.

About Password Generator

The generator uses the browser's secure random source and guarantees that every selected character class contributes at least one character. A built-in strength meter scores each result, so you can dial the length and symbol policy until you hit the strength you want for the target site or system.

Edit "Symbols to use" to honor sites that ban certain punctuation, and type any code points you want to forbid into "Characters to exclude" to keep them out for good. Generation and strength scoring run entirely in your browser; your options and the generated passwords are never sent to a server.

How to use

  1. Set the password length (4 to 128 characters) with the slider or the number input.
  2. Tick the character classes you want to include: uppercase, lowercase, digits, symbols.
  3. Turn on "Exclude ambiguous characters" if you need to avoid look-alikes like 0/O/o, l/1/I, and similar pairs.
  4. If the destination forbids certain symbols, edit "Symbols to use" to only the ones it allows, and add any forbidden characters to "Characters to exclude".
  5. Drag "Generate at once" above 1 to produce a batch.
  6. Click "Generate password" to roll a new password and show its strength meter. Click again to roll another one with the same settings.
  7. Confirm the strength meter shows the level you want, then click "Copy" or "Copy all" to send the result to your clipboard.

Use cases

  • Creating a strong unique password for every new web account so you never reuse credentials across sites.
  • Engineers rotating DB passwords, API keys, or service-account secrets that show up in logs and need predictably high entropy.
  • Issuing shared Wi-Fi or one-time access passwords for guests where readability matters and look-alikes need to be avoided.
  • Operations rolling 10–20 initial credentials in one batch for distribution at onboarding or account-reset time.
  • Working around site-specific rules (e.g. only @ and _ allowed) by generating passwords that use only the permitted symbol set.

Notes

  • Generation and strength scoring run entirely in your browser; your settings and the generated passwords are never sent to a server.
  • Nothing is persisted by the tool. Closing the tab or pressing Regenerate discards the value, so save anything you need into a password manager first.
  • The strength meter is a zxcvbn estimate. Even at the same length, a result heavy in one class scores lower — combining multiple character classes is recommended.
  • Leaving "Symbols to use" blank falls back to the default symbol set. It is safe to keep the field empty with symbols still enabled.
  • Combining "Characters to exclude", "Exclude ambiguous characters", and a tight "Symbols to use" can drain the usable alphabet to zero. In that case the tool reports an error — relax one of the constraints.
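
The behaviour described above (secure random source, at least one character from every selected class, exclusions, and an error when the constraints leave nothing usable), as an added JavaScript example that is not MUTools' own code. The default symbol set, the look-alike set, the function names, and the rejection-sampling and shuffle steps are assumptions of this example.

```javascript
// Added example, not MUTools' code. Symbol and look-alike sets are assumptions.
const rng = globalThis.crypto ?? require("node:crypto").webcrypto; // fallback for old Node
const CLASSES = {
  upper: "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
  lower: "abcdefghijklmnopqrstuvwxyz",
  digits: "0123456789",
  symbols: "!@#$%^&*-_=+?", // assumed default symbol set
};
const AMBIGUOUS = "0Oo1lI"; // assumed look-alike set

// Uniform integer in [0, n): values at or above the largest multiple of n are
// redrawn, which avoids the modulo bias of a plain `random % n`.
function randomBelow(n) {
  const limit = Math.floor(0x100000000 / n) * n;
  const buf = new Uint32Array(1);
  do { rng.getRandomValues(buf); } while (buf[0] >= limit);
  return buf[0] % n;
}

function generatePassword({ length = 16, classes = Object.keys(CLASSES),
                            symbols = "", exclude = "", noAmbiguous = false } = {}) {
  if (!Number.isInteger(length) || length < 4 || length > 128) {
    throw new RangeError("length must be an integer from 4 to 128");
  }
  const banned = new Set([...exclude, ...(noAmbiguous ? AMBIGUOUS : "")]);
  // One pool per selected class; a blank "symbols" falls back to the default set.
  const pools = [...new Set(classes)].map((name) => {
    const source = name === "symbols" && symbols ? symbols : CLASSES[name];
    return [...new Set(source)].filter((ch) => !banned.has(ch));
  });
  // Fail closed: a drained class could not contribute its guaranteed character.
  if (pools.length === 0 || pools.some((pool) => pool.length === 0)) {
    throw new Error("constraints leave no usable characters; relax one of them");
  }
  const alphabet = [...new Set(pools.flat())];
  // One guaranteed character per class, the rest from the combined alphabet.
  const chars = pools.map((pool) => pool[randomBelow(pool.length)]);
  while (chars.length < length) chars.push(alphabet[randomBelow(alphabet.length)]);
  // Fisher-Yates shuffle so the guaranteed characters do not sit at fixed positions.
  for (let i = chars.length - 1; i > 0; i--) {
    const j = randomBelow(i + 1);
    [chars[i], chars[j]] = [chars[j], chars[i]];
  }
  return chars.join("");
}
```

Rejecting a single drained class is this example's choice; it is stricter than the note above, which only describes the case where the whole alphabet reaches zero.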

FAQ

Is the generated password sent or stored anywhere?
No. Random generation, strength scoring, and copy actions all happen inside your browser; nothing leaves the device. Once you close the tab the result is gone, so copy anything you want to keep into a password manager.

How long should my passwords be?
It depends on the use case, but 16 or more characters for site logins and 24–32 or more for key-equivalent secrets tends to land in the top score bands. Length contributes more to strength than adding character classes, so go as long as the destination allows.

What does the strength meter actually measure?
It uses the open-source zxcvbn library to estimate how few guesses an attacker would need, taking into account dictionaries, keyboard patterns, and repeats. The score is reported on a 0–4 scale and reflects coincidental patterns in the result as well as length and character classes.

The site blocks some of the symbols I get. What can I do?
Edit "Symbols to use" so it contains only the punctuation the site accepts. Adding the forbidden characters to "Characters to exclude" gives you a second layer of protection against them sneaking back in.

If I use the same settings, will I get the same password again?
No. Every run draws fresh random bytes, so even with identical settings the output differs each time in practice.

Does it work offline?
Yes — once the page has loaded, the generator runs entirely in the browser and needs no network. The strength meter likewise works offline after its library has loaded.