TextArray
100% local

Password generator

Create a strong random password in your browser, with no server involved.

20
Output

Password generator

Generate a strong, random password and see exactly how strong it is. Set the length anywhere from 6 to 64 characters and choose which character sets to draw from: uppercase letters, lowercase letters, digits and symbols. The password appears immediately and changes every time you adjust an option or press the button.

Every set you tick is guaranteed to appear at least once, so a password with digits enabled will always contain a digit — no more rerolling until the result satisfies a signup form. The characters are then shuffled, so the guaranteed ones are not stuck in predictable positions. If a site or a handwritten note makes lookalike characters a problem, turn on "Exclude ambiguous characters" to drop O, 0, I, l, 1 and other easily confused glyphs from the pool.

The tally under the password shows its length, how many character sets are in play, the approximate entropy in bits and a plain-language strength rating. Entropy is the honest measure: it counts how many guesses an attacker would need on average, calculated as length multiplied by the base-2 logarithm of the pool size. Below 45 bits is weak, 45 to 70 is fair, 70 to 100 is strong and anything above that is very strong. Length helps more than exotic symbols, so a longer password from a smaller set often beats a short one full of punctuation.

Randomness comes from your browser's cryptographic generator, crypto.getRandomValues, using rejection sampling so that no character is more likely than another. Nothing is transmitted: the password is created on your device and never reaches a server, so you can paste it straight into your password manager.

FAQ

Is the password sent anywhere?
No. It is generated in your browser with JavaScript and nothing is transmitted — no server, no logging, no analytics of the value. You can disconnect from the network and the tool still works.
How random is it really?
It uses crypto.getRandomValues, the browser's cryptographically secure random source, with rejection sampling so every character in the pool is equally likely. Math.random is never used.
What length should I choose?
Twenty characters with mixed sets is comfortably strong for almost any account. Go longer for password manager master passwords or encryption keys — the entropy reading in the tally tells you where you stand.
What does "exclude ambiguous characters" do?
It removes lookalike glyphs such as O, 0, I, l, 1 and quotes from the pool. Use it when the password will be read aloud, typed from paper or entered on a keypad. It slightly lowers entropy, which the tally reflects.
Why does the same password never come back?
Each run draws fresh random values, so the odds of a repeat are negligible. Copy the password before you change an option, because the previous one is not stored anywhere.