随机密码生成器
More Security & Developer Tools
为什么这是最好的在线密码生成器
密码学安全
Uses crypto.getRandomValues — the same Web Crypto API used by browsers for TLS. Combined with rejection sampling to eliminate modulo bias, every character is drawn from a truly uniform distribution.
熵值评分
Entropy (in bits) measures how unpredictable a password is: H = L × log₂(N) where L is length and N is pool size. Security researchers recommend 80+ bits for most accounts and 128+ bits for high-value targets.
数据不离开您的浏览器
All generation happens entirely in JavaScript on your device. No passwords, no options, no logs are ever sent to a server. Close the tab and nothing persists — not even in localStorage.
灵活的选项
Mix and match character sets, exclude visually ambiguous characters (O vs 0, I vs l vs 1) for easier hand-entry, and generate 5–50 passwords in bulk for batch provisioning or testing.
常见问题
Is this password generator cryptographically secure?
Yes. It uses crypto.getRandomValues, a CSPRNG (密码学安全 Pseudo-Random Number Generator) exposed by modern browsers. It also uses rejection sampling so every character index has perfectly equal probability regardless of charset size.
How many bits of entropy do I need?
For everyday accounts: 60–80 bits. For banking or email (account recovery vector): 80–100 bits. For encryption keys or master passwords: 128+ bits. A 16-character password using all four character classes gives roughly 105 bits of entropy.
What does "exclude ambiguous characters" do?
Removes O, 0 (letter O and zero), I, l, 1 (capital I, lowercase l, one), | (pipe), and backtick. These look nearly identical in many fonts, which can cause transcription errors when entering passwords by hand or reading from a screen. Excluding them reduces the pool by only ~7 characters while making passwords far more legible.
Are generated passwords stored anywhere?
No. Generation happens entirely in your browser. Nothing is sent to any server, logged, or stored in cookies or localStorage. Each page refresh starts fresh with no memory of previous passwords.