Strong random passwords need two things: a large character pool and a real source of entropy. This generator uses the browser's crypto.getRandomValues — a CSPRNG seeded by the operating system — to draw each character independently from the pool you select. The entropy badge under the output shows the resulting strength in bits, so you can pick a length that matches the threat you care about.
Each generated password is built by filling a Uint32Array with secure random integers and mapping each one (modulo the charset size) to a character. Bulk mode just repeats the process for the count you set. There is no tracking, no logging, no server round-trip — once the page closes, the passwords are gone, so save them to a manager immediately.
Each character index is drawn from a Uint32Array filled by window.crypto.getRandomValues, the browser's CSPRNG (cryptographically secure pseudo-random number generator). It's the same source TLS, WebAuthn and Web Crypto use — Math.random is never involved.
The badge under the output shows ~bits of entropy = length × log2(charset size). 64-72 bits is usually fine for a vault-stored password; 80-128 bits is better for keys you can't easily rotate. With all four character classes a 16-character password gives ~104 bits.
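The character-selection step and the entropy formula described above, as an added example that is not the generator's own code. It uses rejection sampling in place of the plain modulo mapping, because 2^32 is not a multiple of most pool sizes and a bare modulo makes the lowest indices marginally more likely. The function names, the injectable `fill` parameter and the 94-character sample pool are assumptions made for the illustration.

```javascript
// Added example: unbiased character selection plus the entropy figure.
// All names here are hypothetical, not taken from the tool.
// Browsers expose crypto globally; the fallback covers older Node releases.
const rng = globalThis.crypto ??
  (typeof require === 'function' ? require('node:crypto').webcrypto : undefined);

const RANGE = 2 ** 32; // number of distinct Uint32 values

// Largest multiple of n that fits in the Uint32 range. Draws at or above it
// would make the low indices slightly more likely under a plain modulo.
function rejectionLimit(n) {
  return RANGE - (RANGE % n);
}

// Return a uniform index in [0, n). `fill` is injectable so the rejection
// path can be exercised with constructed values.
function randomIndex(n, fill = (buf) => rng.getRandomValues(buf)) {
  if (!Number.isInteger(n) || n < 1 || n > RANGE) {
    throw new RangeError('pool size must be an integer in 1..2^32');
  }
  const limit = rejectionLimit(n);
  const buf = new Uint32Array(1);
  do {
    fill(buf);
  } while (buf[0] >= limit); // discard the draw and try again
  return buf[0] % n;
}

function generatePassword(length, pool, fill) {
  // De-duplicate the pool so the entropy formula matches what is drawn.
  const chars = Array.from(new Set(pool));
  let out = '';
  for (let i = 0; i < length; i++) out += chars[randomIndex(chars.length, fill)];
  return out;
}

// bits = length × log2(pool size), the formula the badge uses.
function entropyBits(length, poolSize) {
  return length * Math.log2(poolSize);
}

// Constructed sample pool: the 94 printable ASCII characters, space excluded.
const POOL_94 = Array.from({ length: 94 }, (_, i) => String.fromCharCode(33 + i)).join('');
```

With a 94-character pool, 42 of the 2^32 possible draws are rejected, so a redraw is extremely rare in practice.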
If you ever need to read a password aloud or type it by hand, look-alike characters cause errors. The toggle removes them from the pool, which slightly lowers entropy per character but is worth it for printed or dictated passwords.
No. They are generated in your browser and rendered to the page only — there is no telemetry, no server round-trip, and we have no copy. Save them to a password manager immediately; once you close the tab they are gone.