How long should my password be?

Security experts recommend at least 16 characters for sensitive accounts. For critical accounts such as email and banking, use 20+ characters with all character sets enabled.

What makes a password strong?

A strong password is long (16+ characters), uses a mix of uppercase, lowercase, numbers and symbols, and is unique for each account — never reused across sites.

Free Password Generator Online

Create strong, cryptographically random passwords in seconds. Customise length and character sets, then copy to clipboard instantly.

🔒 100% Private ⚡ Instant 🆓 Free

Generated Password

Password Strength

Password Length: 16

Uppercase (A–Z) Lowercase (a–z) Numbers (0–9) Symbols (!@#$%^&*) Exclude similar (0Oo1Il) Exclude ambiguous ({[]/\|`~)

Bulk Generate

About the Password Generator

This free online password generator uses the browser's built-in crypto.getRandomValues() function — the same cryptographically secure random number generator used by professional security software. Unlike pseudo-random number generators, this source of entropy is unpredictable and cannot be reproduced, making your passwords genuinely hard to guess or brute-force.

Every password is generated locally in your browser. Nothing is sent to ToolZeel's servers or any third party. You can even use this tool while offline once the page has loaded.

Your preferred settings (length, character sets) are saved to localStorage and automatically restored on your next visit, saving you time without any privacy cost.

How to Generate a Strong Password

Set Length

Drag the slider to choose a length between 4 and 128 characters. 16+ is recommended for most accounts; 20+ for email and banking.

Choose Character Sets

Tick the character types to include. Using all four sets (upper, lower, numbers, symbols) maximises entropy.

Generate

Click the refresh icon or change any setting — a new password is generated automatically every time.

Copy & Use

Click the copy icon to copy the password to your clipboard, then paste it directly into your password manager.

Key Features

Cryptographically secure via crypto.getRandomValues()
Password length from 4 to 128 characters
Independent toggles for uppercase, lowercase, numbers, symbols
Exclude visually similar characters (0, O, o, 1, l, I)
Exclude ambiguous symbols for terminal-safe passwords
Real-time strength meter with entropy (bits) display
Bulk generation: create up to 50 passwords at once
Auto-saves preferences to localStorage
Zero network requests — 100% offline-capable

Frequently Asked Questions

No. Passwords are generated entirely inside your browser using the Web Crypto API (crypto.getRandomValues). Nothing is transmitted over the network — you can disconnect from the internet after loading the page and it will still work perfectly.

Security experts recommend at least 16 characters for standard accounts and 20+ characters for critical accounts such as email, banking and password managers. Every extra character exponentially increases the time needed for a brute-force attack.

Entropy (measured in bits) quantifies unpredictability. A 50-bit password means an attacker needs to try up to 2⁵⁰ combinations to guess it. Aim for at least 80 bits of entropy for secure passwords. Longer passwords with larger character sets achieve higher entropy.

Yes. Your last-used length, uppercase, numbers and symbol settings are automatically saved in your browser's localStorage under the key tz_pwgen and restored on your next visit.