Random Password Generator
Strong random passwords with full control over length and character sets.
$ pwgen -s 20 1
What makes a password strong?
Length beats cleverness. Every extra character multiplies the number of possible passwords, so a 20-character random password from the full 94-character set carries about 131 bits of entropy — far beyond what any brute-force attack can search. Substituting a with @ in a dictionary word, on the other hand, adds almost nothing: cracking tools try those substitutions first.
How this generator works
Characters are drawn with crypto.getRandomValues(), the cryptographically secure random number generator built into your browser — never Math.random(). The generator uses rejection sampling, so every character in the selected set is exactly equally likely (no modulo bias). Generation happens entirely on your device: open your browser's network tab and you'll see that no generated value ever leaves the page.
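The rejection sampling described above, as an added example that is not this site's own code: bytes from crypto.getRandomValues() at or above the largest multiple of the set size are discarded before the modulo, so no character is favoured. The names generatePassword, CHARSET_94, withoutAmbiguous and entropyBits, and the injectable randomBytes parameter (there so the rejection step can be checked with constructed bytes), are assumptions made for illustration.

```javascript
// Added example (not the site's code). All names below are hypothetical.
const webCrypto = globalThis.crypto ??
  (typeof require === "function" ? require("node:crypto").webcrypto : undefined);

// The 94 printable ASCII characters '!' (0x21) through '~' (0x7E).
const CHARSET_94 = Array.from({ length: 94 }, (_, i) => String.fromCharCode(0x21 + i)).join("");
const AMBIGUOUS = "0O1lI"; // characters the "no ambiguous characters" option removes

function withoutAmbiguous(charset) {
  return [...charset].filter((c) => !AMBIGUOUS.includes(c)).join("");
}

// Default byte source: the platform CSPRNG, never Math.random().
function csprngBytes(n) {
  return webCrypto.getRandomValues(new Uint8Array(n));
}

// Assumes a charset of single-UTF-16-unit characters (e.g. ASCII).
function generatePassword(length, charset = CHARSET_94, randomBytes = csprngBytes) {
  const n = charset.length;
  if (!Number.isInteger(length) || length < 1) throw new RangeError("length must be a positive integer");
  if (n < 2 || n > 256) throw new RangeError("charset must have 2..256 characters");
  // A repeated character would be drawn more often than the others.
  if (new Set(charset).size !== n) throw new RangeError("charset has duplicate characters");

  // Largest multiple of n that fits in one byte. For n = 94 this is 188:
  // bytes 188..255 would map only onto indices 0..67, so they are rejected.
  const limit = 256 - (256 % n);
  let out = "";
  while (out.length < length) {
    // getRandomValues() accepts at most 65536 bytes per call.
    for (const b of randomBytes(Math.min(2 * length, 65536))) {
      if (b < limit) out += charset[b % n];
      if (out.length === length) break;
    }
  }
  return out;
}

// Entropy of a uniformly random password: length * log2(set size).
function entropyBits(length, charsetSize) {
  return length * Math.log2(charsetSize);
}
```

Swapping `b % n` on every byte for the rejection step is the whole difference: without it, 68 of the 94 characters would each be about 50% more likely than the remaining 26.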
Practical advice
Use a password manager and give every account its own random password — the one case where you should prefer a passphrase is the handful of secrets you must type from memory, like the password manager's master password. The "no ambiguous characters" option removes 0/O and 1/l/I, which helps when a password has to be read aloud or retyped from paper.
Nothing leaves your browser
- Every value comes from crypto.getRandomValues() — the CSPRNG built into your browser, never Math.random().
- Generated secrets are never transmitted, logged or stored: no server-side generation, no cookies, no localStorage.
- Verify it yourself in the network tab: after loading, the page only talks to our self-hosted, cookie-less analytics — which counts page views and which generator type gets copied, never any value.
- Strict Content-Security-Policy; no third-party script origins.