What makes a password safe?
AG Password Generator uses your browser's cryptographic random number generator (crypto.getRandomValues) to create unpredictable passwords. It never relies on weak randomness like Math.random, and generated values are never sent to a server or stored — they exist only on your own device.
Password safety is measured in entropy (bits). The longer the password and the more character types it uses, the higher the entropy and the harder it is to crack by brute force. As a rule of thumb, 60+ bits is strong and 100+ bits is very strong.
The safest approach is to use a different password for every site and keep them in a password manager. When you must memorize one, a passphrase made of several words is far easier to remember than a random string while remaining plenty strong.
How to use
- Set the password length with the slider. For online accounts, 16 characters or more is recommended.
- Turn on the character sets to include — uppercase, lowercase, numbers, symbols — and enable exclude ambiguous if needed.
- Press the copy button to copy the password to your clipboard, and use regenerate to create a new one.
- If you need something easier to remember, build a word-based password on the Passphrase tab.
Frequently asked questions
How long should a secure password be?
At least 12 characters for online accounts, and 16 or more for important ones. Mixing uppercase, lowercase, numbers and symbols greatly increases entropy at the same length.
Where is my password stored?
Nowhere. Every password is generated in your browser with crypto.getRandomValues and is never sent to a server. It disappears when you reload the page.
Are passphrases safer?
With enough words (4 or more), a passphrase is as strong as a random string while being much easier to remember. Example: river-tiger-cloud-42.
What does 'exclude ambiguous characters' do?
It removes characters that are hard to tell apart, such as the digit 0 and capital O, or the digit 1 and lowercase l and capital I. This helps avoid mistakes when copying by hand.
What does entropy (bits) mean?
It expresses how many guesses are needed to crack a password, on a logarithmic scale. Each extra bit doubles the number of possibilities. Higher values are more resistant to brute-force attacks.