Password Generator
Your Password
Show the math
What Your Result Means
- Password Display: Your unique random password appears in the box above, ready to copy and use.
- Strength Meter Scale: Weak (0–2 points), Fair (3–4), Good (5), and Strong (6–7) based on length plus character variety.
- Entropy (Bits): A measure of how many guesses an attacker would need. More bits = safer password. 50+ bits is excellent for most accounts.
- Character Pool Impact: Adding uppercase, numbers, or symbols dramatically increases the pool size, which is why mixed characters matter.
How This Calculator Works
Select your password length and which character types to include (uppercase, lowercase, numbers, symbols). The calculator builds a pool from your selections, then picks random characters one at a time using Math.random(). Everything happens in your browser—nothing is sent to any server. The strength meter computes a simple score based on length (the strongest factor) and the number of character types, then displays entropy in bits to show the mathematical security level.
Quick Questions
Is Math.random() secure enough for passwords?
Math.random() is suitable for everyday passwords on regular accounts. For high-security applications (cryptocurrency wallets, master passwords), use a dedicated password manager or hardware solution that uses cryptographic randomness.
How long should my password be?
16+ characters is strong. 12 characters is fair. Aim for at least 50 bits of entropy (shown in the math). Length beats complexity—a 20-character password with just lowercase is stronger than a 10-character mix.
Should I use all character types?
Use what the site requires. If optional, mixing uppercase, numbers, and symbols adds safety against targeted guessing. But a long password with just lowercase is safer than a short password with every type.
Is this better than a passphrase?
Both work well. Passphrases (like "correct-horse-battery-staple") are easier to remember and equally strong if long enough. This generator suits sites that don't allow spaces or special punctuation.
Should I use a password manager instead?
Yes, absolutely. Password managers store generated passwords securely and auto-fill them. This generator is for quick, temporary passwords or learning how randomness works.
Sources
- NIST SP 800-63B — Digital Identity Guidelines (password security standards and entropy requirements)
- OWASP — Authentication Cheat Sheet (best practices for password generation)
- Wikipedia — Password Strength (entropy calculation and security metrics)
Method & review
Estimate only. Results reflect your inputs and standard formulas. Double-check important decisions independently.