Password Generator

Create strong, random passwords instantly using your browser's built-in cryptographic engine. Customize length and character types to meet any security requirement. Every password is generated locally with the Web Crypto API — nothing is ever sent to a server or stored anywhere.

How to Use This Tool

  1. Set the length — use the slider to choose your desired password length. Security experts recommend at least 16 characters for most accounts.
  2. Choose character types — toggle uppercase letters, lowercase letters, numbers, and symbols on or off. Including all four types maximizes password strength.
  3. Password generates automatically — a new random password is created instantly whenever you change any setting.
  4. Check the strength meter — the color-coded bar shows the estimated strength of your password based on its entropy.
  5. Copy or refresh — click "Copy" to copy the password to your clipboard, or click the refresh icon to generate a new one with the same settings.

What Makes a Password Strong?

Password strength is measured by entropy, expressed in bits: the base-2 logarithm of the number of possible combinations an attacker would need to try in a brute-force attack. Entropy depends on two factors: the size of the character set and the length of the password. A 16-character password drawn from a 94-character set (uppercase, lowercase, digits, and symbols) has approximately 105 bits of entropy, meaning an attacker would need to try roughly 2^105 combinations — far beyond what any current or foreseeable computer could brute-force.

The most common password mistakes are using short passwords, reusing the same password across multiple sites, and incorporating predictable patterns like dictionary words, dates, or keyboard sequences. Even "clever" substitutions like replacing 'a' with '@' are well-known to attackers and provide minimal additional security. A truly random password generated by a cryptographic random number generator is the gold standard for security.

For practical security, use a unique random password for every account and store them in a password manager. The only password you need to memorize is your password manager's master password, which should be a long passphrase — four or more random words strung together. This approach gives you both maximum security and practical usability without the need to remember dozens of random character strings.

Frequently Asked Questions

How does this password generator work?
This tool uses the Web Crypto API (crypto.getRandomValues) built into your browser to generate cryptographically secure random numbers. These random values are mapped to your selected character set to produce a password. The entire process runs in your browser — no password is ever sent to or stored on any server.

How long should a strong password be?
Security experts recommend at least 12-16 characters for most accounts. For high-security accounts (email, banking, password managers), use 20 or more characters. Longer passwords are exponentially harder to crack: a 16-character password with mixed characters would take billions of years to brute-force with current technology.

Is it safe to generate passwords online?
It depends on the tool. This generator runs entirely in your browser using the Web Crypto API — your password is never transmitted over the network or stored anywhere. Many other online generators send requests to a server, which means your password passes through their systems. Always verify that a password generator works client-side before trusting it with credentials you plan to use.

Should I use special characters in my password?
Yes, when possible. Including uppercase letters, lowercase letters, numbers, and symbols maximizes the character set size, making brute-force attacks exponentially harder. A 12-character password using all four character types has roughly 475 trillion times more possible combinations than one using only lowercase letters. However, some systems restrict which special characters are allowed.

What is the difference between random and memorable passwords?
Random passwords (like those generated here) are strings of random characters — they offer maximum entropy per character but are hard to memorize. Memorable passwords (passphrases) use random words strung together, like "correct-horse-battery-staple". Both approaches are secure when done properly. For accounts protected by a password manager, random passwords are ideal. For passwords you must type from memory, passphrases are more practical.
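
The two mechanisms described above (mapping crypto.getRandomValues output onto the selected character set, and entropy as length times log2 of the character set size), as an added JavaScript example; it is not this tool's own source code. The names CLASSES, buildCharset, uniformIndex, generatePassword and entropyBits and the exact symbol list are assumptions, and rejection sampling is one common way to keep the mapping uniform.

```javascript
// Added example: assumes a runtime exposing the Web Crypto API
// (browsers, or Node.js via globalThis.crypto / node:crypto's webcrypto).
const webCrypto = globalThis.crypto ??
  (typeof require === "function" ? require("node:crypto").webcrypto : undefined);

// Assumed character classes for the four toggles (94 printable ASCII in total).
const CLASSES = {
  upper: "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
  lower: "abcdefghijklmnopqrstuvwxyz",
  digits: "0123456789",
  symbols: "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~",
};

function buildCharset(opts) {
  return Object.keys(CLASSES).filter((k) => opts[k]).map((k) => CLASSES[k]).join("");
}

// Uniform index in [0, n) by rejection sampling: a plain `value % n` would
// favour low indexes whenever n does not divide 2^32.
function uniformIndex(n, randomValues = (a) => webCrypto.getRandomValues(a)) {
  const limit = Math.floor(0x100000000 / n) * n; // largest multiple of n <= 2^32
  const buf = new Uint32Array(1);
  for (;;) {
    randomValues(buf);
    if (buf[0] < limit) return buf[0] % n; // values >= limit are discarded
  }
}

function generatePassword(length, opts) {
  const charset = buildCharset(opts);
  if (charset.length === 0) throw new Error("select at least one character type");
  let out = "";
  for (let i = 0; i < length; i++) out += charset[uniformIndex(charset.length)];
  return out;
}

// Entropy in bits of a uniformly random password: length * log2(charset size).
function entropyBits(length, charsetSize) {
  return length * Math.log2(charsetSize);
}
```

Each character is drawn independently from the combined set, so the entropy formula applies exactly; forcing at least one character from every class would lower the figure slightly.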