How it works
This password generator creates random passwords by drawing characters from the sets you enable. You control the total length and which character types to include—uppercase letters, lowercase letters, digits, and special symbols. Each time you regenerate, the tool shuffles a fresh combination, ensuring no two passwords are identical unless you specifically request the same settings again.
The randomness is the key to security. Predictable patterns (like "Password123!") are vulnerable to dictionary attacks and brute-force guessing. A truly random password, especially a long one with mixed character types, is exponentially harder to crack.
The formula
Password strength = log₂(character pool size ^ length)
This represents the number of possible combinations. A 12-character password using all four character types (uppercase, lowercase, numbers, symbols) has roughly 94^12 ≈ 475 trillion possible combinations—far beyond what any attacker can feasibly test in reasonable time.
Worked example
Let's generate a secure password for a bank account.
Your settings:
- Length: 16 characters
- Uppercase: ✓ enabled (A–Z, 26 options)
- Lowercase: ✓ enabled (a–z, 26 options)
- Numbers: ✓ enabled (0–9, 10 options)
- Symbols: ✓ enabled (!@#$%^&*, 32 common options)
Character pool size: 26 + 26 + 10 + 32 = 94 characters
Generation process: The tool randomly selects 16 characters from this pool of 94, one at a time. A possible output might be:
7mK#pL9@vQx2R$Hs
Breaking it down:
7– numberm– lowercaseK– uppercase#– symbolp– lowercaseL– uppercase9– number@– symbolv– lowercaseQ– uppercasex– lowercase2– numberR– uppercase$– symbolH– uppercases– lowercase
Strength estimate: With 94^16 possible combinations (≈ 475 quadrillion), this password would take a modern computer trillions of years to crack by brute force alone.
If you need something shorter—say, a 10-character password for a less critical service—you'd still keep all four character types enabled. Even 94^10 (≈ 60 billion combinations) provides solid protection for everyday accounts.
Tips for strong passwords
Length matters most. A 16-character password with just lowercase and numbers is stronger than a 10-character password with all four types. Aim for at least 12 characters for important accounts (email, banking, password manager).
Use all four character types when the service allows. Not every site accepts symbols; in those cases, enabling uppercase, lowercase, and numbers is the next best choice.
Store passwords securely. Use a password manager (Bitwarden, 1Password, KeePass) to store generated passwords safely. Never paste them into unencrypted notes or email.
Regenerate until you're comfortable. There's no penalty for clicking the reroll button multiple times. Some people prefer passwords without consecutive repeated characters or patterns that look random—keep generating until you get one you trust.
Different passwords for different accounts. Reuse the same strong password across multiple sites, and one breach exposes all of them. Generate a unique password for each service.
Note: This calculator generates passwords client-side in your browser. No password is transmitted to any server or stored anywhere. For added peace of mind, disconnect from the internet before generating passwords for your most sensitive accounts (though this is rarely necessary).