/ developer & network toolbox
← all tools

$ pwgen

runs locally

Password Generator

Cryptographically-strong random passwords with full control over length and character sets.

password — invoker.tools
— pick at least one character set —
entropy ~129 bits · overkill

Generated locally with crypto.getRandomValues — never sent anywhere.

About the Password Generator

This password generator creates strong, random passwords using your browser's built-in crypto.getRandomValues, the same cryptographically secure source recommended for security-sensitive randomness. You control the length and which character sets to include — lowercase, uppercase, digits and symbols — and can exclude ambiguous characters like 0/O and 1/l/I that are easy to misread. A live entropy estimate shows how strong each password actually is, in bits.

Reach for it whenever you need a fresh password for an account, a database user, an API service or a Wi-Fi network and want something unguessable instead of a reused phrase. Everything runs locally in your browser: the password is generated on your device and never leaves it, which makes it safe to use for real credentials.

How to use it

  1. Set the desired password length with the slider or input.
  2. Toggle the character sets you want: lowercase, uppercase, digits and symbols.
  3. Enable exclude ambiguous characters if the password must be typed by hand.
  4. Read the live entropy/strength estimate to confirm it is strong enough.
  5. Copy the generated password or regenerate for a new one.

Examples

  • 20 characters with all sets enabled: a high-entropy password for a password manager entry.
  • 16 characters, letters and digits only, ambiguous excluded: an easy-to-type password for a Wi-Fi router admin page.
  • 12 lowercase + digits: a quick throwaway password for a test database account.

Frequently asked questions

How strong are the generated passwords?

Strength depends on length and the character sets you enable. The tool shows a live entropy estimate in bits so you can pick settings that exceed the commonly recommended threshold of around 75-100 bits.

Is it safe to generate real passwords here?

Yes. Generation happens entirely in your browser using crypto.getRandomValues, and nothing is sent to a server, so the password never leaves your device.

What does exclude ambiguous characters do?

It removes easily confused characters such as 0 and O, or 1, l and I. This is useful when a password has to be read aloud or typed manually.

What is entropy and why does it matter?

Entropy measures unpredictability in bits — each extra bit doubles the number of possible passwords. Higher entropy means a password is exponentially harder to brute-force.

What is the difference between a random password and a passphrase?

A random password mixes characters for maximum entropy per character but is hard to memorize. A passphrase strings together words and is easier to remember at a given strength. Use the passphrase generator if you need to type it from memory.

Can I generate passwords without any symbols?

Yes. Just disable the symbols set. Some systems reject special characters, so a letters-and-digits password can be more compatible — increase the length to keep the entropy high.

More generate tools

UUID GeneratorULID / UUIDv7QR CodeBarcodePassphraseColor PaletteLorem IpsumFavicon GeneratorTOTP / 2FA