Generate strong, secure passwords with customisable options. Test any password's strength instantly.
Generate cryptographically secure passwords or test the strength of any existing password. The generator uses your browser's crypto.getRandomValues() API for true randomness — far stronger than Math.random(). All generation and testing happens in your browser with no data sent anywhere.
| Type | Example | Crack Time (2026) | Rating |
|---|---|---|---|
| 8 char, lower only | password | Seconds | ❌ Very Weak |
| 8 char, mixed | P@ss1234 | Hours | ⚠️ Weak |
| 12 char, all types | X7@kL!p9qR2m | Years | ✅ Good |
| 16 char, all types | mK#9pQ2@vX!7wY4& | Centuries | ✅ Strong |
| Passphrase (4 words) | correct-horse-battery-staple | Centuries | ✅ Strong & Memorable |
How does this password generator work?
The generator uses crypto.getRandomValues() — the browser's cryptographically secure random number generator — to select characters from your chosen character set. This is the same API used by security-critical applications, far more secure than standard Math.random().
What is two-factor authentication (2FA)?
2FA requires two proofs of identity: your password plus a second factor (usually a one-time code from an authenticator app like Google Authenticator or Microsoft Authenticator, or an SMS code). Even if your password is stolen, 2FA prevents unauthorised login. The Australian Cyber Security Centre strongly recommends enabling 2FA on all important accounts.
How many character types should a password include?
Use all four character types (uppercase, lowercase, numbers, symbols) for maximum security. At 16 characters with all types, brute-force cracking would take centuries with current hardware. Avoiding ambiguous characters (0, O, l, 1) with the 'Exclude ambiguous' option makes passwords easier to type manually.
Should I use a password manager?
Yes — strongly recommended. Password managers (Bitwarden is free and open-source; 1Password is popular) generate, store, and autofill unique strong passwords for every site. You only need to remember one strong master password. This is far more secure than reusing passwords or writing them in notes.