Yes. It is free with no signup, no rate limit, and no paywall on advanced features.

Does it store my inputs?

No. Every calculation runs in your browser using JavaScript. The numbers and text you type never leave your device; we do not log or transmit form values.

Where do the formulas come from?

Formulas come from the canonical reference for the domain (the relevant tax authority, standards body, or peer-reviewed source). See /methodology for the full sourcing process and per-page citations.

← Utilities

What is Password Generator?

A Password Generator produces a password on demand, using a deterministic algorithm or a cryptographically strong random source. Output is generated entirely in your browser so nothing is sent to a server. Useful for creating strong unique credentials for online accounts.

Interactive generator

Password generator

Cryptographically random password using crypto.getRandomValues.

Entropy-

Strength-

Password Generator

Cryptographically secure passwords with configurable strength.

About this tool

The Password Generator creates strong, random passwords using the Web Crypto API. Configure length, character types (uppercase, lowercase, numbers, symbols), and see the password strength rating. All generation is client-side.

What a strong password really is

A strong password is one that is hard to guess and hard to crack by brute force, which in practice means it is long and drawn at random from a large set of characters. This generator builds exactly that: it picks each character independently from the pools you enable (lowercase, uppercase, digits, symbols) using a cryptographically secure random source, then reports how much guessing effort the result represents.

The single biggest lever is length. Adding one character to a password multiplies the number of possibilities by the size of the character pool, while swapping a letter for a symbol only adds a little. A 20-character random password is far stronger than a clever 8-character one, and far easier to store in a password manager than to remember, which is the modern recommendation.

It also matters that the password is genuinely random. Human-chosen passwords cluster around names, dates, keyboard walks, and dictionary words, so an attacker can try the likely candidates first and skip most of the theoretical search space. A generator removes that bias by drawing every character independently, which means the full entropy figure is real rather than optimistic.

Random passwords versus passphrases

There are two good strategies, and they suit different needs. A random password like the output of this tool packs the most entropy into the fewest characters, which is ideal when you paste it into a password manager and rarely type it. A passphrase made of several unrelated words (for example five random words from a long list) is far easier to type and remember, at the cost of being longer on screen.

Both can be strong. The classic XKCD "correct horse battery staple" point is that four to six truly random common words can exceed the entropy of a short symbol-heavy password while staying memorable. Use a passphrase for the handful of secrets you must type from memory, such as your device login or password-manager master password, and use long random strings for everything the manager stores for you.

How the strength is calculated

Strength is measured in bits of entropy: the base-2 logarithm of the total number of passwords your settings could produce. More bits means exponentially more work for an attacker, because each extra bit doubles the search space.

Pool size  N = (26 if lowercase) + (26 if uppercase)
              + (10 if digits) + (~24 if symbols)
Entropy    H = length x log2(N)        (bits)

Example pools:
  lowercase only            N = 26   -> 4.70 bits per character
  lower + upper + digits    N = 62   -> 5.95 bits per character
  all four classes          N = ~86  -> 6.43 bits per character

The tool labels the result: under 40 bits is weak, 40 to 60 is okay, 60 to 80 is strong, and above 80 bits is very strong. Excluding ambiguous characters lowers N slightly, so the per-character entropy drops a touch and you may want a few more characters to compensate.

Worked example: a 20-character password

Suppose you keep the defaults: length 20 with lowercase, uppercase, digits, and symbols all enabled.

Character pool: 26 + 26 + 10 + 24 = about 86 possible characters.
Entropy per character: log2(86) = about 6.43 bits.
Total entropy: 20 x 6.43 = about 128 bits.
Search space: 86^20, roughly 2^128, which is around 3 x 10^38 possible passwords.
Label: well above 80 bits, so the tool reports "Very strong".

Result: at a (generous) trillion guesses per second, exhausting a 128-bit space would take far longer than the age of the universe. This is why a long random password plus a password manager beats memorisation tricks.

Length and entropy reference

Approximate entropy for passwords using all four character classes (pool of about 86), with a rough strength label.

Length	Entropy (all classes)	Label	Typical use
8	~51 bits	Okay	Low-value throwaway logins
12	~77 bits	Strong	Everyday accounts
16	~103 bits	Very strong	Email, work, social
20	~128 bits	Very strong	Banking, password manager master
32	~206 bits	Very strong	Encryption keys, root credentials

Common pitfalls

Reusing one password everywhere. A breach of one site then unlocks all of them through credential stuffing. Generate a unique password per account.
Choosing length 8 because a site allows it. Minimums are floors, not targets. Use 16 or more wherever the field permits.
Substituting predictable leetspeak. Turning "password" into "p@ssw0rd" adds almost no real entropy because cracking tools know every common substitution.
Trusting a weak random source. Passwords built from Math.random or a timestamp are guessable. This tool uses crypto.getRandomValues precisely to avoid that.
Storing the password in plain text. A note file or browser autofill without a master password is a weak link. Use a dedicated password manager.
Skipping two-factor authentication. Even a perfect password is only one layer. Add an authenticator app or hardware key on important accounts.

Frequently asked questions

How long should a password be?

Aim for at least 12 characters on everyday accounts and 16 or more on critical ones like email and banking. Each extra character multiplies the number of possible passwords, so length matters more than exotic symbols. A 16-character password drawn from 95 printable characters has about 95^16, roughly 4.4 x 10^31, combinations.

What does the entropy number mean?

Entropy, measured in bits, is the base-2 logarithm of how many passwords your settings could produce: length times log2(pool size). Each added bit doubles the guessing effort. Under about 40 bits is weak, 60 to 80 bits is strong, and above 80 bits is very strong against offline cracking.

Is this generator actually random?

Yes. It uses the browser's Web Crypto API, specifically crypto.getRandomValues, which is a cryptographically secure random source. That is very different from Math.random, which is predictable and must never be used for passwords or keys.

Are the passwords sent anywhere?

No. Generation happens entirely in your browser tab. Nothing is transmitted to 3Tej or any server, nothing is logged, and the password disappears when you close the tab. For maximum safety, paste it straight into your password manager.

Why would I exclude ambiguous characters?

Characters like lowercase l, uppercase I, the digit 1, uppercase O, and the digit 0 look alike in many fonts and cause errors when a password must be read aloud or typed by hand. Excluding them shrinks the character pool slightly, so add a few characters of length to keep the same strength.

India Tools Editorial

Calculators & explainers maintained by the India Tools team.