Password Generator
Random characters or a memorable passphrase, your call. Both use
crypto.getRandomValues with proper bias rejection. The
entropy meter shows the actual bits — not a vague "weak / medium /
strong" guess.
Two modes
- Random — character-level random. Use when the password lives in a password manager and you never type it. Best entropy per character. Toggle character classes; exclude similar (1lI0O) for cases where you might transcribe it.
- Passphrase — memorable random words. Use for the master password of a password manager, laptop login, anything you have to actually type. 5 words from a 256-word list = 40 bits, enough for almost everything. Append 2 digits for an easy 6.6 extra bits.
The entropy bar — what it actually means
Entropy in bits measures how many guesses an attacker needs: a password with n bits of entropy is one of 2^n equally likely possibilities, so each extra bit doubles the work of a brute-force search.
- 40 bits ≈ 1 trillion guesses — defeats opportunistic GPU attacks (~10 billion guesses/sec); falls in days against a determined attacker.
- 60 bits ≈ 1 quintillion — falls in hundreds of years on current hardware. Comfortable for non-targeted threats.
- 80 bits ≈ industry standard for "strong." Past current attacks even with significant compute.
- 128 bits ≈ the same security level as a fresh AES-128 key. Beyond any feasible guessing attack; at that point the realistic risk is how the password is stored, not the password itself.
These numbers assume the password is the only thing in the way. If the site you're using stores passwords in plain text or with weak hashing, no password length saves you. See hash.tooljo.com/which-hash-function for what server-side password storage should actually look like (argon2id, scrypt, or bcrypt — not SHA-256).
Common use cases
- New account on any site — generate a 20-char random password, save in your password manager. Done.
- API token / service password — 32+ characters, all charsets. Treat like a key.
- Wi-Fi password — passphrase mode. Easier to type on a phone keyboard.
- Master password (password manager, encryption) — 6-word passphrase, optionally with separator and digits. Memorable; high entropy.
- Temporary share — generate, copy, share over an out-of-band channel, immediately rotate after use.
What this tool does not do
- Store passwords for you — use a real password manager (Bitwarden, 1Password, KeePassXC).
- Tell you if a password has been pwned — that requires checking against breach lists. Use haveibeenpwned.com/Passwords with the k-anonymity API.
- Hash passwords for storage — see hash.tooljo.com/which-hash-function. The short version: argon2id, scrypt, or bcrypt — never plain SHA.
- Tell you which sites have leaked your password — same haveibeenpwned reference.
Related tools
- hash.tooljo.com — hash a password with SHA-256 (e.g. for HMAC keys or non-storage purposes).
- Which hash function should you use? — for the password-storage question.
- jwt.tooljo.com — for HMAC-signed token secrets, generate one from this page (32+ chars, all charsets).
- guid.tooljo.com — for opaque session identifiers (UUID v4 is the right primitive).
FAQ
Is the password sent anywhere?
No. Generation uses crypto.getRandomValues in your browser. Open DevTools → Network and confirm: zero requests during generation. The password never leaves your device.
Why is randomness done with crypto.getRandomValues and not Math.random?
Math.random() is fast and predictable enough that an attacker who sees one output can predict the next. crypto.getRandomValues uses the OS's CSPRNG (cryptographically secure pseudo-random number generator) — the same source used to derive TLS session keys. We also reject biased modulo bytes (most generators don't) so every character has equal probability.
What's a 'passphrase' and when should I use one over a random password?
A passphrase is several random words concatenated. "cyber-bonsai-anchor-cinder-emerald" is much easier to memorise than "kP3@x9Vz!Q7m" and, at 5 words from a 256-word list, has 40 bits of entropy — enough to defeat anything short of a targeted nation-state attack on a poorly-hashed database. Use a passphrase wherever you have to type the password regularly (laptop login, master password). Use a random password for everything you can store in a password manager.
How long should my password be?
For password-manager-stored credentials: 16+ random characters from a full charset (~96 bits) is well past current attack capability. For things you type: a 5-word passphrase or 12+ character random with all charsets enabled. See our full guide for the math.
Why exclude 'similar' or 'ambiguous' characters?
'Similar' (1, l, I, 0, O) reduces transcription errors when you have to read the password aloud or copy from a screenshot. 'Ambiguous' (`'") reduces shell-quoting bugs when the password ends up in a terminal command. Both reduce entropy slightly — toggle them on if you're going to be typing the password by hand, off if it lives in a password manager.
Does this generator have any bias I should know about?
Most online generators do — they call crypto.getRandomValues for one byte and do byte % charset_length, which gives the first N characters of the charset one extra chance each, where N = 256 mod charset_length. We discard any byte ≥ 256 − N and re-roll, so every character of every charset is equally likely. Verifiable by reading the source.