Password Generator

Generate strong, random passwords with cryptographic randomness.

No signup requiredAlways free to use256-bit secureNever leaves your device

You usually reach for a password generator at the worst moment — signing up for a new account, resetting one that was just breached, or setting up a router. The password your browser suggests is fine, but it is tied to that browser; this one works anywhere, lets you control exactly how long and complex the result is, and runs entirely on your device so the password is never transmitted before you have even used it.

16
8 chars64 chars

Include

Options

1
1 password10 passwords
Very Strong
~103 bits of entropy

How to use Password Generator

  1. 1

    Set the length. The slider goes well past 16 — drag it to 20 or higher for anything that matters. Length is the single biggest factor in how hard a password is to crack.

  2. 2

    Choose your character types. Uppercase, lowercase, numbers and symbols are on by default. Leave them all on unless a specific site rejects symbols.

  3. 3

    Turn on 'exclude ambiguous characters' only if you will type the password by hand — it drops 0/O and 1/l/I so you do not misread them. For passwords going straight into a manager, leave it off for maximum randomness.

  4. 4

    Click Generate. The strength meter shows the entropy in bits — aim for 'Very Strong' (80+ bits).

  5. 5

    Click Copy and paste it straight into your password manager and the signup form. Generate a fresh one for every account; never reuse.

Things to know

Length beats complexity

A 20-character password of only lowercase letters is far harder to crack than an 8-character password stuffed with symbols. Each extra character multiplies the number of guesses an attacker needs. Reach for length first, character variety second.

Reuse is the real danger, not weakness

When one site is breached, attackers replay that exact email-and-password pair against banks, email and shops — 'credential stuffing'. A unique generated password per site means one breach stays contained to one account.

Don't try to memorise these

Random passwords are designed to be stored, not remembered. Use a password manager and you only ever memorise one long passphrase. Hand-typing a 24-character random string on a phone is where 'exclude ambiguous characters' earns its place.

crypto.getRandomValues, not Math.random()

This generator uses the browser's cryptographic random source — the same one password managers rely on. Math.random() is predictable enough to be reconstructed and must never be used for passwords. That choice is why these results are safe to trust.

Why Criply

Private by default

Client-side tools never upload your files. Server-side tools delete them immediately after processing.

No account needed

Just upload and go. No email, no password, no account — ever.

Works on any device

Fully browser-based. Works on desktop, tablet, and mobile with nothing to install.

Frequently asked questions

Passwords are generated using the Web Crypto API (crypto.getRandomValues), which produces cryptographically secure random numbers — the same standard used by password managers. Math.random() is never used.

Related tools

Generate strong, random passwords using your browser's cryptographic random number generator (crypto.getRandomValues) — never Math.random(). Control length, character sets, and quantity. Includes an entropy-based strength indicator. Free, no signup, nothing is logged or stored.