Text & Generators

Password Generator

Create strong random passwords with custom length and character sets — generated locally, never sent anywhere.

No data sent or stored

Completely FREE password generator. No signup, generated locally, never transmitted. Create one or a batch of strong random passwords with the length and character sets you choose. Generation uses your browser's cryptographic random number generator — the passwords exist only on your screen until you copy them, and regenerating or leaving the page destroys them.

Loading tool…
Next step QR Batch Generator Generate multiple downloadable QR codes from lines of text.

Your data never reaches us

Nifty Utilities has no backend server, database, user accounts, or endpoint capable of receiving your tool inputs. Files and entries are processed inside your browser. We cannot view, capture, or store them.

What makes a password strong

Strength is measured in entropy — the number of equally likely possibilities an attacker must try. Each character drawn from a 90-character alphabet adds about 6.5 bits; a 20-character password from all four character sets carries roughly 130 bits, far beyond any brute-force capability. The tool shows the entropy estimate for your current settings. The two levers are simple: longer beats fancier, and random beats memorable. A 16-character random password is enormously stronger than "Summer2026!Dallas" no matter how clever the substitutions feel.

The character-set options

Lowercase, uppercase, digits, and symbols can each be toggled. Every selected set is guaranteed to appear at least once — some sites reject passwords missing a digit or symbol, and this guarantee prevents the occasional all-letter draw. The exclude look-alikes option removes characters that read ambiguously (capital I, lowercase l, the digit 1, capital O and zero) — worth enabling for any password someone might read off a screen or type from paper, at a negligible entropy cost.

How the randomness works

Characters are drawn with crypto.getRandomValues(), the browser's cryptographically secure generator — the same source password managers use. The implementation uses rejection sampling to avoid modulo bias, so every character in the alphabet is exactly equally likely. This is meaningfully different from Math.random()-based generators, whose output is predictable enough that they should never produce secrets.

What to do with a generated password

Copy it into a password manager — that's the intended workflow. A password manager remembers it, autofills it, and makes per-site unique passwords practical, which matters more than any individual password's strength: the real-world killer is reuse, where one breached site unlocks your accounts everywhere else. If you must write a password down, treat the paper like a key, not like a note.

Why a batch option

Generating five or ten at once is handy when provisioning several accounts, seeding a team's initial credentials (each to be changed on first login), or just picking the one you find least annoying to transcribe. Every password in the batch is generated independently.

Frequently asked questions

Are the generated passwords sent anywhere or logged?

No. Generation happens in your browser's memory using local cryptographic randomness. This site has no server that could receive them, no analytics on the passwords themselves, and no storage — reloading the page produces a fresh, unrelated batch.

How long should a password be in 2026?

For anything protected by a good password manager, 20+ random characters costs you nothing and ends the conversation. For passwords a human must type regularly, 14–16 random characters (about 90–105 bits) remains far beyond practical attack. Below 12 random characters, margins start depending on how the site stores passwords — longer is the cheap insurance.

Is a passphrase like "correct horse battery staple" better?

Four to six random dictionary words are excellent when a human must memorize the secret — comparable entropy to a 12–14 character random string and far easier to recall. For everything a manager autofills, random characters are denser per keystroke. The unifying rule: the words or characters must actually be chosen at random, not by you.

Important

This tool provides estimates and general-purpose documents, not financial, tax, legal, or professional advice. Verify important results before relying on them.

Support

Problem with this tool or suggestions for improvement? Please email support@niftyutilities.com.