Explore All Tools
DEVELOPER TOOLS

Password Generator

Generate strong, random passwords with full control over length and character sets. Runs entirely in your browser.

Cryptographic RNG Never sent anywhere
Y+IU2UioMDfzba?U6l!&
Very strong
Length20
Character sets

01Why this generator

Strong passwords, safely.

Four reasons security folks and developers use this page instead of mashing the keyboard.

  • 01

    Cryptographically random

    Uses the browser's crypto.getRandomValues — the same source TLS and modern crypto rely on. No Math.random, no predictable seeds.

  • 02

    Tunable character sets

    Toggle uppercase, lowercase, digits, and symbols. Set length anywhere from short PINs to 64-character keys.

  • 03

    Regenerates instantly

    Don't like the result? Tap regenerate. New password, same entropy. Repeat until one looks pasteable.

  • 04

    Never leaves your device

    Generation happens in your browser. The password is never transmitted, stored, or logged. Safe to use even for a primary credential.

02How it works

Length, sets, copy.

  1. Length
    121624

    Step 1Pick a length

    16 characters is fine for most services; 20+ is better; 32+ is overkill in a good way. The slider runs up to 64.

  2. Sets
    A-Za-z0-9!@#

    Step 2Pick character sets

    Toggle uppercase, lowercase, digits, and symbols. Disable any set a service rejects (some still reject symbols).

  3. Copied
    Password7Tq#mXp9Vn$aR4kLCryptographically random

    Step 3Copy the password

    Tap Copy and paste into your password manager. Regenerate if you want another spin.

03Use cases

Where strong passwords matter.

New accounts, API secrets, post-breach rotations — anywhere a random string belongs.

  • New account, new password

    Signing up for a service. Generate a unique 20-character password, save it in your manager, never type it again.

    Fresh login · per-service password

  • API key or secret

    Provisioning a webhook secret or admin token. A long random string here beats anything you can dream up.

    Webhook secret · 32 chars

  • Rotate a leaked password

    Breach notification just landed. Generate a replacement that's nothing like the old one, update the account, move on.

    Post-breach rotation

  • Bootstrap a database user

    Spinning up a service-account login for Postgres or Redis. Random + long + saved straight into the secrets store.

    DB password · 24 chars · symbols

  • Recovery codes you don't have to invent

    Setting up a system that needs preshared codes? Generate a batch and share them through your usual channel.

    Preshared one-time codes

  • Encrypt a zip archive

    Sharing a sensitive file with a coworker over a back channel? Generate a passphrase here and send it via a different medium.

    Zip passphrase · out of band

04Quick tips

Make passwords work for you.

Four habits that turn random strings into actual security.

  • 01

    Longer beats more symbols

    A 24-character all-lowercase password has more entropy than a 12-character one with every set turned on. Length is the cheap win.

  • 02

    Unique per site

    Reusing a password means one breach compromises every account. Generate a fresh one each time and let your password manager remember.

  • 03

    Save before you paste

    Save to your password manager first, then paste into the signup form. Otherwise a fat-finger Cmd+C wipes it out.

  • 04

    Don't manually 'add complexity'

    Replacing the 'o' with a zero in a dictionary word doesn't add real entropy. A short random string does.

05Loved by

Security, DevOps, and product.

  • Daily-driver for any new account or service credential. 32 chars, all sets, into the vault. Three seconds.
    Maya K.
    Security engineer
  • Provisioning service-account passwords. Random + long + into the secrets store. Beats keyboard mashing every time.
    Jaden V.
    DevOps engineer
  • Onboarding new tools. Generate, save in 1Password, never see the string again. Used to use my dog's name.
    Aiko M.
    Product manager

06Questions

Passwords, plainly answered.

Questions before your first generate. Missing one? hello@wirelogs.com.

01Is the generator cryptographically secure?

Yes. It uses window.crypto.getRandomValues, the standard browser interface to the operating system's CSPRNG. The output is suitable for credentials, secrets, and keys.

02How long should my password be?

For account credentials saved in a password manager: at least 16 characters, ideally 20+. For something you'll type by hand, prioritize length over symbols — a long passphrase beats a short complex one.

03Does the password get sent anywhere?

No. Generation happens entirely in your browser. The password isn't transmitted, stored, or logged. Even refreshing the page wipes it.

04Why include symbols if some sites reject them?

Symbols dramatically increase entropy per character. If a service rejects them, disable the symbol set here and regenerate. Most do accept them now.

05Can I use this for an API key or token?

Yes. A long random string from a CSPRNG is exactly what API keys and secrets should look like. Save it in your secrets manager the same way you'd save a password.

06Is the tool free?

Yes. No usage cap, no sign-up, no watermark.

07Related tools

Other security utilities.

Passwords live next to UUIDs, hashes, and the other generators.

Ready when you are

Generate, save, move on.

Pick a length, copy the password, paste into your manager. Nothing leaves your browser.

Open the generatorBrowse all tools
  • 64max length
  • CSPRNGtruly random
  • $0now and always