PXLTools

Password Generator

Secure random passwords

StrengthVery strong · 100 bits

Generated locally using crypto.getRandomValues.

How to use Password Generator

  1. Set your desired length — 16 characters is a good default.
  2. Choose which character classes to include. More variety + more length = stronger password.
  3. For passwords you will read aloud or transcribe, enable 'Exclude ambiguous characters'.
  4. Copy individual passwords or copy all at once for batch use.

What makes a strong password?

Strong passwords are long, random, and unique. Length is the single biggest factor: a 20-character random password is effectively impossible to crack with current technology, while an 8-character one can fall in minutes.

Unique matters too. A password reused across multiple sites becomes dangerous the moment any one of those sites has a breach — attackers try leaked credentials against every other major service. A password manager removes the mental load of remembering hundreds of unique passwords.

For truly sensitive accounts (email, banking, password manager itself), consider combining a strong password with two-factor authentication. The password alone is still the foundation of account security, but two-factor stops most attacks even when the password leaks.

Frequently Asked Questions

Are these passwords safe to use?
Yes. The randomness comes from crypto.getRandomValues — the browser's cryptographically secure random number generator, designed for generating keys and tokens. This is the same source used by password managers.
How long should my password be?
Minimum 12 characters for personal accounts, 16+ for important ones, 20+ for master passwords, admin accounts, and encryption keys. Length matters more than character variety once you pass around 12 characters.
What does entropy mean?
Entropy measures how unpredictable a password is, in bits. Each bit doubles the number of possible passwords. 60 bits takes a dedicated attacker weeks to crack; 80 bits takes decades; 128 bits is effectively unbreakable with current technology.
Should I use the "exclude ambiguous" option?
Only if you will need to transcribe the password by hand or read it aloud. It removes characters like 0/O, 1/l/I that are easy to confuse. For passwords stored in a manager, keep them on for stronger entropy.