Free secure password generator

Generate a strong, random password, passphrase, or PIN instantly in your browser. This free secure password generator runs entirely on your device using the Web Crypto API, so nothing you generate is sent to a server, logged, or stored. No sign-up, no tracking.

Choose at least one character type

Copied to clipboard

Strength Very strong · 129 bits of entropy

An offline attacker guessing 100 billion times per second would need about longer than the age of the universe to find it.

At least one character class stays on, since a password needs a character set to be drawn from.

How the secure password generator works

1

Set your options

Pick a password, passphrase, or PIN, then choose the length, the character classes, and whether to exclude look-alike characters.

2

Generate

Your browser draws random bytes from the Web Crypto API, and selects characters by rejection sampling so no character is more likely than another.

3

Copy it

Copy the result straight into your password manager. The secret never transits the network, so it cannot be intercepted, logged by a server, or leaked in a breach of ours.

Private by design — nothing leaves your browser

Most online password generators send your settings to their servers, and some return a password the server itself chose. A password you did not generate yourself is not a secret. This one never makes a network request:

01

100% client-side

The password is generated on your device with the browser's Web Crypto API. No network request is made when you click Generate.

02

Nothing stored or logged

No account, no analytics on what you generate, no history kept. Reload the page and the previous password is gone for good.

03

Open and verifiable

Randomness comes from your operating system through cryptographically secure random number generator, not from cryptography we rolled ourselves.

What the generator guarantees

  1. Every character class you enable appears at least once in the result.
  2. Characters are chosen by rejection sampling, so the output carries no modulo bias.
  3. The final string is shuffled with Fisher-Yates, so guaranteed characters are not predictably placed at the front.
  4. The entropy shown is computed from your settings, not from the string on screen, which is the figure an attacker actually faces.

Built for developers and security-conscious teams

Anyone who needs a secret that no one else has ever seen, from a root credential to a Wi-Fi passphrase. The same principle drives BlockSurvey's zero-knowledge surveys: the data is protected on the device, not on somebody's server.

Developers

Generate database passwords, service credentials, and seed values without pasting them into a third-party site first.

Security & IT teams

Issue break-glass admin passwords and rotate shared credentials with a documented entropy figure you can put in a ticket.

Privacy-conscious users

Create a master password or disk-encryption passphrase you can actually remember, using the passphrase mode.

Building something that handles sensitive data?

BlockSurvey runs on zero-knowledge surveys — collect responses without them ever being sold, mined, or exposed. The same client-side principle as this tool, applied to your forms.

Frequently asked questions

Is this secure password generator free?

Yes, completely free with no sign-up, no email wall, and no usage limit. You can generate as many passwords, passphrases, or PINs as you need.

Does anything I generate get sent to a server?

No. Every password is generated on your device by your browser and never leaves it. The page makes no network request when you click Generate, nothing is logged, and no history is kept. You can confirm this yourself by opening your browser's network tab while generating, or by disconnecting from the internet first.

How is the password generated? Which source of randomness is used?

Randomness comes from the browser's Web Crypto API, which is backed by the operating system's cryptographically secure random number generator. Characters are selected using rejection sampling rather than a modulo operation, so every character in your chosen set is equally likely and the output carries no modulo bias.

Is this cryptographically strong?

Yes, when you keep the defaults. A 20-character password drawn from lowercase, uppercase, digits, and symbols is picked from an 86-character set, which is about 129 bits of entropy, far beyond what any offline cracking attack can exhaust. The tool shows the exact entropy for your current settings so you never have to guess.

Can I use this offline?

Yes. Load the page once, then disconnect from the internet, and the generator keeps working because all of the logic runs in your browser. This is also the simplest way to verify that no password is being transmitted.

How long should my password be?

Use at least 16 characters for an account you care about, and 20 or more for password-manager-stored logins, encryption keys, and admin accounts. Length raises entropy faster than adding character classes does: adding one character to a 4-class password adds about 6.5 bits, while switching from three classes to four adds under 10 bits in total.

Should I use a password or a passphrase?

Use a password for anything stored in a password manager, and a passphrase for the handful of secrets you must type or remember, such as your master password or a disk-encryption passphrase. The passphrase mode uses the EFF short wordlist of 1,296 words, so each word contributes about 10.3 bits of entropy: the default of six words gives roughly 62 bits, which is strong for a memorable secret.

What does the entropy number mean?

Entropy in bits measures how many guesses an attacker needs. Each extra bit doubles that number, so a 60-bit secret takes about 2^60 guesses to exhaust. Anything at or above 75 bits is considered strong against offline attacks on a stolen password database, and at or above 100 bits leaves a large safety margin.
Scripts are blocked. This site won’t work properly. If you’re using Brave, click the Shields icon and turn off Block scripts. Otherwise disable your ad blocker for this site.