Password Generator

Use lowercase letters

(note the space character)


Is this tool safe?

Well, I use it. But some things to consider are:

  • If you have spyware or other malicious software installed on your computer then you are potentially at risk (no matter how good the password generator tool is).
  • The pseudorandom number generator function that this tool uses isn't truly random.
  • All passwords are generated client side (nothing is sent across the internet).
  • Somebody could be looking over your shoulder. Duh!

What makes for a good password?

  • One that isn't used in multiple places.
  • One that is at least 16 characters long from a charset of 80+ unique characters.
  • One that doesn't include any personally identifiable information like names, phone numbers, birthdates etc.
  • One that is as random as possible.
  • One that is changed regularly.

What can I do to keep my passwords safe?

  • Ensure that your computer isn't infected with malware.
  • Never sign in to your accounts while using untrusted computers, Wi-Fi connections, VPNs or proxies.
  • Make sure URLs in the address bar (e.g. are typed correctly and aren't phishing or fake websites.
  • Never store your passwords in your browser if other people have access to it (they can easily be revealed).
  • Never leave your passwords unencrypted when storing them on your hard drive.

What does unlocking the "Charset" do?

The charset text field lists all of the possible characters that can appear in your generated password(s). You can alter the characters within this field to suit yourself. You can generate passwords using whatever characters you want.


How does this tool work?

This tool randomly selects characters from a list of available characters that you specify (in the charset).

To choose a random character you'll first need a pseudorandom number generator function:

/* */
function get_random_int(min, max) {
	return Math.floor(Math.random() * (max - min + 1)) + min;

As you may have noticed above, we're using the Math.random() function to generate our random numbers however a new experimental method is becoming available in newer browsers which can be accessed via window.crypto.getRandomValues() and this will produce better pseudorandom numbers in the future.

Now the following code is quite simple. At the heart of it, all we need to do is select a substring of the charset string where the random number is between 0 and charset.length - 1 (because substrings start at 0). Also please note that the pseudorandom number generator function is inclusive (meaning that if the numbers were 0 and 10 the numbers 0 and 10 may be selected rather than just the numbers inbetween, 1 to 9).

function generate_passwords(charset, length, count) {
	var random = 0;
	var char = "";
	var password = "";
	var passwords = "";
	for (var x = 0; x < count; x += 1) {
		password = "";
		for (var y = 0; y < length; y += 1) {
			random = get_random_int(0, (charset.length - 1));
			char = charset.substring(random, random + 1);
			password += char;
		passwords += password + "\n\n";
	return passwords.slice(0, -2);

alert(generate_passwords("0123456789", 10, 3));


Be the first to comment.


A preview of the comment you're writing will go here. Please wait a few seconds after typing.