Is this random enough?

Yes. crypto.getRandomValues delegates to the operating system's cryptographic random source (CryptGenRandom on Windows, /dev/urandom on Linux/macOS). It's strong enough for cryptographic keys; passwords are a far lower bar.

What does "entropy bits" mean?

It's the log base 2 of the number of equally-likely passwords your settings could produce. 80 bits means there are 2^80 (~10^24) possibilities — enough to make brute-force infeasible at any realistic attack rate.

Should I exclude look-alike characters?

Only if you'll be typing the password by hand or reading it off another screen. It costs a small amount of entropy. For password-manager-stored passwords, leave it off.

How does this compare to passphrases like "correct-horse-battery-staple"?

Passphrases drawn from a large word list (5000+ words) can hit 60+ bits of entropy in 4-5 words and are far easier to type. They're great for the few passwords you have to remember by hand; for everything else, use a random string from this generator and a password manager.

Does the page log my password?

No. There is no network request when you generate. The page is statically prerendered and the password lives only in your tab's memory.

Why does the entropy depend on charset size?

Each character is one independent draw from the charset. With k options, each character contributes log₂(k) bits. Total = length × log₂(k).

Password Generator

Cryptographically-strong, browser-only, with the live entropy alongside.

The generator below produces uniformly-random passwords using the browser’s crypto.getRandomValues API (the same source modern browsers use for TLS key generation). Every digit is independent; the entropy meter shows the Shannon entropy of your settings so you can see strength move as you tweak length or character classes. Nothing leaves the page — the password is never sent over the network or stored in localStorage.

l8*[*n5<y?6PuOqjm,#6

very strong · 129 bits

Generated with the browser’s crypto.getRandomValues. Nothing leaves your device — the password isn’t logged, sent, or analytics-tracked.

How to use

Pick a length
16 characters is a safe modern default. 20+ is comfortably future-proof. Less than 12 is too short for anything you actually care about.
Choose character classes
More classes = higher entropy per character. Symbols add the most because they nearly double the charset.
Copy and store
One tap copies the password to the clipboard. Drop it into your password manager — don't keep the tab open.

Entropy reference

Length	Charset	Entropy	Strength
8	a-z	~38 bits	weak
12	a-z A-Z 0-9	~71 bits	fair
16	a-z A-Z 0-9 sym	~104 bits	strong
20	a-z A-Z 0-9 sym	~131 bits	very strong

Frequently asked questions

Is this random enough?: Yes. crypto.getRandomValues delegates to the operating system's cryptographic random source (CryptGenRandom on Windows, /dev/urandom on Linux/macOS). It's strong enough for cryptographic keys; passwords are a far lower bar.
What does "entropy bits" mean?: It's the log base 2 of the number of equally-likely passwords your settings could produce. 80 bits means there are 2^80 (~10^24) possibilities — enough to make brute-force infeasible at any realistic attack rate.
Should I exclude look-alike characters?: Only if you'll be typing the password by hand or reading it off another screen. It costs a small amount of entropy. For password-manager-stored passwords, leave it off.
How does this compare to passphrases like "correct-horse-battery-staple"?: Passphrases drawn from a large word list (5000+ words) can hit 60+ bits of entropy in 4-5 words and are far easier to type. They're great for the few passwords you have to remember by hand; for everything else, use a random string from this generator and a password manager.
Does the page log my password?: No. There is no network request when you generate. The page is statically prerendered and the password lives only in your tab's memory.
Why does the entropy depend on charset size?: Each character is one independent draw from the charset. With k options, each character contributes log₂(k) bits. Total = length × log₂(k).

About

Modulo-bias-free sampling

Naïve approaches use `random32 % charsetSize`, which is biased when charsetSize doesn't divide 2^32 evenly. The generator uses rejection sampling against the largest multiple of charsetSize that fits in a uint32 — discarded values trigger a re-draw — so the distribution is exactly uniform.

Why not Math.random?

Math.random's underlying algorithm (Xoroshiro / XorShift in modern engines) is fast but not cryptographically secure: an attacker who sees a few outputs can predict subsequent ones. crypto.getRandomValues uses a CSPRNG with no such weakness.