What is the best free password generator online?

jsonformat.org/password-generator is one of the best free online password generators. It uses a CSPRNG, shows entropy scores, and never stores or transmits your passwords.

Generador de Contraseñas Online

Cryptographically secure · runs entirely in your browser Live crypto.getRandomValues

Click Generate

Strength —

Entropy: — bits · Pool size: — chars

Length 16 characters

16 4–64

Uppercase Letters A–Z

Lowercase Letters a–z

Digits 0–9

Symbols !@#$%^&*…

Exclude Ambiguous O, 0, I, l, 1, |, `

Bulk Generation

Count:

Click "Generate All" to create multiple passwords at once.

More Security & Developer Tools

Codificar/Decodificar

Por Qué Este es el Mejor Generador de Contraseñas Online

Criptográficamente Seguro

Uses crypto.getRandomValues — the same Web Crypto API used by browsers for TLS. Combined with rejection sampling to eliminate modulo bias, every character is drawn from a truly uniform distribution.

Puntuación de Entropía

Entropy (in bits) measures how unpredictable a password is: H = L × log₂(N) where L is length and N is pool size. Security researchers recommend 80+ bits for most accounts and 128+ bits for high-value targets.

Nada Sale de Tu Navegador

All generation happens entirely in JavaScript on your device. No passwords, no options, no logs are ever sent to a server. Close the tab and nothing persists — not even in localStorage.

Opciones Flexibles

Mix and match character sets, exclude visually ambiguous characters (O vs 0, I vs l vs 1) for easier hand-entry, and generate 5–50 passwords in bulk for batch provisioning or testing.

Preguntas Frecuentes

Is this password generator cryptographically secure?

Yes. It uses crypto.getRandomValues, a CSPRNG (Criptográficamente Seguro Pseudo-Random Number Generator) exposed by modern browsers. It also uses rejection sampling so every character index has perfectly equal probability regardless of charset size.

How many bits of entropy do I need?

For everyday accounts: 60–80 bits. For banking or email (account recovery vector): 80–100 bits. For encryption keys or master passwords: 128+ bits. A 16-character password using all four character classes gives roughly 105 bits of entropy.

What does "exclude ambiguous characters" do?

Removes O, 0 (letter O and zero), I, l, 1 (capital I, lowercase l, one), | (pipe), and backtick. These look nearly identical in many fonts, which can cause transcription errors when entering passwords by hand or reading from a screen. Excluding them reduces the pool by only ~7 characters while making passwords far more legible.

Are generated passwords stored anywhere?

No. Generation happens entirely in your browser. Nothing is sent to any server, logged, or stored in cookies or localStorage. Each page refresh starts fresh with no memory of previous passwords.