This generator uses the Web Crypto API (crypto.getRandomValues) to produce cryptographically secure random values directly in your browser. No passwords are ever sent to a server.

Random Password

Each character is selected independently from your chosen character set (uppercase, lowercase, digits, symbols). A 16-character password with all character types enabled provides ~105 bits of entropy, which would take billions of years to brute-force even with modern hardware.

Passphrase

Passphrases string together random words (e.g., Breeze-Canyon-Dragon-42) to create passwords that are both strong and easy to remember. A 4-word passphrase provides ~30+ bits of entropy per word. Passphrases are especially useful for master passwords you need to type from memory.

What Makes a Password Strong?

• Length matters most — each additional character multiplies the number of possible combinations exponentially
• Use all character types — mixing uppercase, lowercase, numbers, and symbols increases the search space attackers must cover
• Avoid patterns — dictionary words, keyboard patterns (qwerty), and personal info are tried first by attackers
• Use unique passwords — never reuse passwords across different accounts
• Consider a passphrase — 4+ random words are easier to remember and can be stronger than a short complex password