Tools Features Blog About Contact
Open Tools
Open Tools Tools Features Blog About Contact

Password Generator

Create strong, secure passwords instantly. All processing happens locally in your browser for complete privacy.

Generate Secure Password

Click Generate to create a password
Password Strength: Very Weak

Basic (12 chars)

Strong (16 chars)

Maximum (20 chars)

PIN Code (6 digits)

Length & Quantity

Number of passwords:

Character Types

Uppercase Letters (A-Z)
Lowercase Letters (a-z)
Numbers (0-9)
Symbols (!@#$%^&*)

Advanced Options

Exclude similar characters (i, l, 1, o, 0)
Exclude ambiguous characters ({ } [ ] ( ) / \ ' " ` ~)
Include at least one of each type
No repeated characters

Generated Passwords

How to Create Passwords That Actually Hold Up

A password is only as good as how hard it is to guess. Attackers rarely sit at a login screen typing guesses by hand. Instead they run automated programs that test millions or billions of combinations against leaked databases or live services. The question that matters is simple: how many guesses would it take, on average, before the program lands on yours? This generator builds passwords designed to push that number far beyond what any practical attack can reach, and it does the whole job inside your browser so the result never travels across the internet.

Length Beats Cleverness

When people try to make a password "strong," they usually reach for tricks: swapping an "a" for "@", adding a "!" at the end, capitalising the first letter. Those tricks help a little, but they are predictable, and the programs that crack passwords already know every one of them. What genuinely defeats a brute-force attack is length. Each extra character multiplies the number of possible combinations, so the difficulty grows exponentially rather than little by little.

Think of it this way: a short password drawn from a big alphabet still has a small number of possible arrangements, while a long password has an astronomically large number even before you add symbols. That is why the length slider on this page runs from 6 up to 32 characters and defaults to 16. For an everyday account, 12 to 16 characters is a sensible floor. For anything you would hate to lose, push toward 20 or more using the Maximum preset. The six-character PIN preset exists for the narrow cases that demand it, such as a phone unlock code, and is deliberately the weakest option here.

Understanding "Entropy" Without the Maths

You will often see password strength described in terms of entropy, measured in bits. You do not need the formula to use the idea. Entropy is just a way of counting how many equally likely passwords a generator could have produced. More bits means a bigger haystack for the attacker to search through, and every extra bit roughly doubles that haystack. Two things raise entropy: making the password longer, and drawing each character from a larger pool. That is exactly what the character-type checkboxes control. Turning on uppercase letters, lowercase letters, numbers, and symbols together gives every position dozens of possible values instead of just a handful, so a fully random 16-character mix is dramatically harder to crack than a 16-character string of only lowercase letters.

Why Generating It Here Is Safer

Every password on this page is assembled by JavaScript running on your own device. Nothing you generate is uploaded, logged, or stored on a server, because there is no server step at all. When you close the tab, the passwords are gone unless you copied them somewhere yourself. That matters because the moment a fresh password is transmitted or saved to someone else's system, it becomes something that can be intercepted or leaked. A password you never sent anywhere cannot be stolen in transit. The advanced options also let you exclude visually similar characters such as the lowercase L, the number 1, the capital O and the number 0, which is useful when you may need to read a password aloud or type it from a screen onto another device.

Passphrases: A Friendlier Alternative

Random character strings are excellent for accounts you store in a password manager, but they are miserable to type or memorise. For the handful of passwords you genuinely have to remember, such as the master password for your manager or your device login, a passphrase is often the better tool. A passphrase strings several unrelated words together, for example a random sequence like "harbor-cactus-velvet-ledger." Because it is long, it carries a lot of entropy, yet because it is made of real words it is far easier to recall than an equivalent jumble of symbols. The key is that the words must be chosen at random and unrelated to you; a phrase pulled from a song lyric or a famous quote is easy for software to guess.

Use a Password Manager and Never Reuse

The single most damaging habit in personal security is reusing one password across many sites. When any one of those sites suffers a breach, attackers take the leaked email-and-password pairs and try them everywhere else, a technique called credential stuffing. One leak then unlocks your email, your shopping accounts and possibly your bank. The fix is to give every account its own unique password, and the practical way to manage hundreds of unique passwords is a dedicated password manager. A reputable manager encrypts your vault, fills passwords in for you, and can hold the long random strings this generator produces so you never have to remember them. Generate a password here, copy it with the Copy button, and paste it straight into a new entry in your manager.

How Often Should You Change Them?

The old advice to rotate every password every 30 or 90 days has fallen out of favour, because forced frequent changes tend to push people toward weak, predictable variations like adding a rising number to the end. Current thinking is to keep a strong, unique password in place and change it when there is a reason to: after a service tells you it was breached, if you ever typed it on a device you do not fully trust, or if you suspect it was seen by someone else. The exception is shared or high-value credentials, which still benefit from periodic refreshes.

Common Mistakes to Avoid

  • Building passwords from personal facts: names, birthdays, pet names and addresses are the first things an attacker tries.
  • Relying on keyboard patterns: sequences like "qwerty" or "123456" feel random but are in every cracking dictionary.
  • Storing passwords in a plain document or sticky note: a text file or note can be read by anyone with access to the device.
  • Reusing a "base" password with small tweaks: if one is exposed, the pattern gives the rest away.
  • Choosing too short for the sake of convenience: a memorable six-character password offers little real protection for an important account.

How It Works in Your Browser

This tool is a self-contained page. The character sets, the length and option controls, and the strength meter all run as code on your device. When you click Generate, your browser picks characters from the pools you selected, optionally guarantees at least one of each chosen type, shuffles the result, and shows it on screen. No account, no sign-up and no upload is involved at any point. Because the work happens locally, the generator stays fast and keeps functioning even if your connection drops, and your generated passwords are never shared with Quick Merge or anyone else.

Frequently Asked Questions

How long should my password be?

For most accounts, aim for at least 12 to 16 characters with a mix of character types. For sensitive accounts such as email, banking or your password manager's master entry, use 20 characters or more. Length is the factor that most reliably increases the effort needed to crack a password, so when in doubt, make it longer.

Are the passwords sent anywhere or saved?

No. The generator runs entirely in your browser using local JavaScript. Passwords are created on your device, displayed on screen, and never transmitted to a server or stored by us. Once you close or refresh the page they are gone unless you copied them into a password manager or another safe location yourself.

What do the "exclude similar" and "exclude ambiguous" options do?

Excluding similar characters removes the ones that are easy to confuse when reading or re-typing a password, such as lowercase L, uppercase i, the number 1, the letter O and the number 0. Excluding ambiguous characters removes punctuation like brackets, slashes and quotation marks that some systems handle awkwardly. Both options trim the character pool slightly, so for maximum strength leave them off and rely on a password manager to store the result.

Should I use a password or a passphrase?

Use a long random password for any account you can store in a password manager, because you never have to type it from memory. Reserve a passphrase made of several random, unrelated words for the few credentials you must remember yourself, such as your device login or your manager's master password. Both can be very strong when they are long enough; the difference is how easy they are to recall.

Why can I generate several passwords at once?

The quantity selector lets you produce up to twenty passwords in a single click. This is handy when you are setting up multiple accounts at the same time, creating credentials for a small team, or simply want a list to choose from. Each one is generated independently with the same options, and you can copy any individual entry from the list.