When security matters more than memorability, you need a password that is truly random. No patterns, no dictionary words, no guessable sequences. This tool generates cryptographically secure random passwords using your browser’s built-in security engine. Choose your character types, set your length, and copy the result.
Random passwords are the gold standard for accounts protected by a password manager. Since your password manager remembers the password for you, there is no reason to make it memorable. Instead, make it as random and as long as possible.
Use this random password generator for:
where you do not need to type the password manually
that are stored securely
that need to be strong but never memorised
that are entered once per device
and other secrets where maximum entropy matters
If you need a password you can actually remember (for example, your master password or a login you type daily), try our User Password Generator instead, which builds secure passwords from memorable words.
Steps
Select which types of characters to include: lowercase, uppercase, numbers, and symbols. All four are enabled by default for maximum security.
Remove ambiguous characters like 0 and O, or 1 and l, that can cause confusion when reading or typing passwords manually.
Use the slider to choose your password length, from 8 to 128 characters. Longer is always stronger. We recommend at least 20 characters for important accounts.
Click the button to generate your password. Use the refresh button to generate another without changing your settings. Copy it with one click.
These checkboxes control which types of characters are included in your generated password. All four are enabled by default, which gives you the strongest possible password.
Standard lowercase letters. These provide 26 possible characters per position.
Capital letters. Adding uppercase doubles the alphabetic pool to 52 characters, making the password significantly harder to crack.
Digits 0 through 9. Adds 10 more possible characters per position. Most password policies require at least one number.
Special characters including punctuation, brackets, and mathematical operators. These add roughly 28 more possible characters per position and are the single biggest boost to password strength. Only untick this if a system specifically rejects special characters.
When all four types are enabled, each position in your password can be one of 92 possible characters. That is what gives random passwords their strength.
This optional field lets you remove specific characters from the pool before the password is generated. Type any characters you want to exclude directly into the field.
Characters like 0 and O, or 1 and l and I, can look identical in many fonts. If you ever need to type or read the password manually, excluding these avoids confusion.
Some systems reject certain special characters. If you know a system does not accept , for example, you can exclude them here.
If you are generating a Wi-Fi password that guests need to type manually, removing hard-to-find characters like |, ~, or { makes it easier.
Meets minimum requirements but provides limited protection. Only use this for low-value, temporary accounts.
A good default for most accounts when using a password manager. Provides strong protection against brute-force attacks.
Excellent for important accounts like email, banking, admin logins, and encryption keys.
Maximum security. Suitable for API keys, encryption passphrases, and anywhere extreme security is needed. Most online services accept passwords of at least 64 characters, and many support 128 or more.
The circular arrow button next to the copy button generates a new password using your current settings. This is faster than clicking the main “Generate Random Password” button and is useful when you want to quickly cycle through options until you see one you like.
After generating a password, the strength meter appears showing:
The password does not provide adequate protection. This typically means it is too short or uses too few character types.
Meets basic requirements but is vulnerable to targeted attacks. Consider increasing the length or enabling more character types.
Provides solid protection for most accounts.
Well above average. Suitable for important accounts and service credentials.
Provides excellent protection. A password rated "Very Strong" by this tool would take longer than the lifetime of the universe to crack with current technology.
The detail line shows three values: the character count, the estimated entropy in bits (a measure of randomness), and the character pool size. Higher entropy means a more secure password.
Every character is selected using crypto.getRandomValues(), the same cryptographic engine used by your browser for secure communications. This is not Math.random(). There are no patterns to exploit.
When you select multiple character types, the generator guarantees at least one character from each type. This means your password will always meet complexity requirements set by IT policies.
The password is generated entirely on your device. No network requests are made. Nothing is logged, stored, or transmitted. Close the tab and it is gone.
A live entropy calculation shows you exactly how strong your password is, measured in bits of entropy. A 20-character password with all character types gives you approximately 130 bits of entropy, far beyond what any attacker can brute-force.
These estimates assume an attacker with access to modern GPU hardware running billions of guesses per second.
Call us: 0800 208 8456 | Email: hello@cyberkaizen.co.uk
