Free Password Generator
Generate strong passwords locally in your browser. No sign up, no tracking, and no passwords sent to a server.
- Generated locally in your browser.
- Uses the Web Crypto API for randomness.
- Optional strength checks run locally.
- Optional breach check is off by default and only runs if you enable it.
Settings
Passphrases are generated locally using a built-in word list and Web Crypto randomness.
PINs are generated locally. For 4-digit PINs we avoid birth years and common date patterns. Alphanumeric passcodes are recommended where supported. See our PIN security guide for tips. You can also check a 4-digit PIN on our PIN risk map.
Advanced settings
This stays on your device and is cleared when the tab closes.
How it works
- Your password is generated entirely in your browser using the Web Crypto API.
- No data is sent to any server. The tool works offline too.
- Each selected character set is guaranteed at least one character in the output.
- A Fisher-Yates shuffle then randomises the order, so every character, including the guaranteed ones, is equally likely to land in any position.
- Strength is measured in bits of entropy based on your chosen settings.
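The steps listed above, written out as an added JavaScript example (not this tool's own source). The character sets, the function names and the rejection-sampling helper are assumptions made for illustration.

```javascript
// Constructed character sets for illustration; the tool's real sets may differ.
const SETS = {
  lower: 'abcdefghijklmnopqrstuvwxyz',
  upper: 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
  digits: '0123456789',
  symbols: '!@#$%^&*()-_=+[]{}',
};

// Web Crypto in the browser; falls back to Node's webcrypto when run from a CLI.
const rng = globalThis.crypto ??
  (typeof require === 'function' ? require('node:crypto').webcrypto : null);

// Uniform integer in [0, n). Values at or above the largest multiple of n are
// discarded, which avoids the modulo bias of a plain `value % n`.
function randomBelow(n) {
  const buf = new Uint32Array(1);
  const limit = Math.floor(0x100000000 / n) * n;
  do { rng.getRandomValues(buf); } while (buf[0] >= limit);
  return buf[0] % n;
}

function generatePassword(length, setNames) {
  const sets = [...new Set(setNames)].map((name) => SETS[name]);
  if (sets.length === 0 || sets.includes(undefined)) {
    throw new RangeError('select at least one known character set');
  }
  if (length < sets.length) throw new RangeError('length is shorter than the number of sets');
  const pool = sets.join('');
  // One guaranteed character per selected set, then fill from the combined pool.
  const chars = sets.map((s) => s[randomBelow(s.length)]);
  while (chars.length < length) chars.push(pool[randomBelow(pool.length)]);
  // Fisher-Yates shuffle: without it the guaranteed characters would always
  // occupy the first positions, in set order.
  for (let i = chars.length - 1; i > 0; i--) {
    const j = randomBelow(i + 1);
    [chars[i], chars[j]] = [chars[j], chars[i]];
  }
  return chars.join('');
}

// Entropy estimate from the settings alone: length * log2(pool size).
// This is an upper bound: the one-per-set guarantee rules out some strings,
// so the real figure is lower, most noticeably at short lengths.
function entropyBits(length, setNames) {
  const poolSize = [...new Set(setNames)].reduce((n, name) => n + SETS[name].length, 0);
  return length * Math.log2(poolSize);
}
```

With these constructed sets the combined pool has 80 characters, so a 16-character password is estimated at about 101 bits.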
Password Tips
- Use at least 16 characters for important accounts. Longer is stronger.
- Consider passphrases: a few random words joined together can be both strong and memorable.
- Never reuse passwords across sites. If one account is breached, every other account that shares that password is at risk.
- Use a reputable password manager so you only need to remember one master password.
- Enable multi-factor authentication (MFA) wherever available for an extra layer of protection.
For more guidance, see the UK National Cyber Security Centre advice on passwords.
Frequently Asked Questions
Is this password generator safe?
Yes. Passwords are generated entirely in your browser using the Web Crypto API. Nothing is sent to any server, and no data is stored. You could disconnect from the internet and it would still work.
Do you store my passwords?
No. Your passwords are never transmitted or recorded. All generation happens locally in your browser and nothing is logged.
What length should I use?
We recommend at least 16 characters for general use. For high-value accounts such as email or banking, aim for 20 characters or more. Each extra character adds entropy, so the number of possible passwords grows exponentially with length.
Are symbols required?
Symbols increase the character pool and therefore the entropy, but a longer password with mixed case and numbers can be equally strong. Use symbols where the service allows them.
Should I use a password manager?
Yes. A password manager lets you use a unique, strong password for every account without needing to memorise each one. It is one of the most effective steps you can take for your online security.
How does the strength checker work?
The password strength checker estimates entropy based on the character pool and length, detects common patterns like keyboard runs and repeated characters, and checks against a list of frequently used passwords. All checks run locally in your browser.