Rangdom

Random Password Generator

 
Length
15
Generated using the Web Crypto API for cryptographically secure randomness.

Why is this password secure?

This generator uses the Web Crypto API, the same cryptographic engine that secures HTTPS connections and encrypts your data. Unlike Math.random(), which relies on a predictable pseudorandom algorithm, crypto.getRandomValues() draws entropy from your operating system — hardware noise, interrupt timing, and other unpredictable physical sources.

Each character in your password is selected independently and uniformly from the chosen character set, making the password impossible to predict even if an attacker knows the generation method.

Password strength

Password strength is measured in bits of entropy. More bits means exponentially more guesses an attacker would need. Here's how different configurations compare:

ConfigurationCharset sizeEntropy (16 chars)Time to crack
Lowercase only26~75 bitsCenturies
Lower + upper52~91 bitsMillennia
Lower + upper + digits62~95 bitsMillennia
All characters88~103 bitsHeat death of universe

Crack times assume 100 billion guesses per second, which exceeds current capabilities.

Use cases

  • Create a strong master password for your password manager
  • Generate unique passwords for each online account
  • Create API keys and secret tokens for development
  • Generate Wi-Fi network passwords
  • Create temporary passwords for shared accounts
  • Generate encryption passphrases for files and drives

How it works

  1. Your browser generates cryptographically secure random bytes using the Web Crypto API
  2. Each byte is mapped to a character from your chosen character set using modular arithmetic
  3. Characters are assembled into a password of your specified length
  4. The password exists only in your browser — nothing is sent to any server

Everything runs locally in your browser. No passwords are stored, logged, or transmitted.

Frequently asked questions

How long should my password be?

At least 12 characters for everyday accounts, 16 or more for sensitive accounts like email and banking. Longer passwords are exponentially harder to crack — each additional character multiplies the difficulty.

Should I include special characters?

Yes, when the service allows it. Special characters increase the character set size, which directly increases entropy. However, a longer password with fewer character types can be just as strong as a shorter one with more types.

Is it safe to generate passwords in a browser?

Yes. This tool runs entirely on your device using client-side JavaScript. No passwords are ever sent to a server. The Web Crypto API provides the same quality of randomness used by operating systems for encryption.

Can I use the same password for multiple accounts?

Never. If one account is compromised, all accounts sharing that password become vulnerable. Generate a unique password for each account and store them in a password manager.

Common password mistakes

Research on leaked password databases reveals predictable patterns. The most common password habits include:

password123 — dictionary word + simple numbersJohn1990! — name + birth year + symbolqwerty — keyboard walk patterniloveyou — common phraseP@ssw0rd — predictable substitutions

These patterns are well known to attackers and are among the first combinations tried in any brute-force or dictionary attack. A randomly generated password eliminates all human bias — every character is chosen independently with uniform probability.

Password entropy explained

Entropy measures the unpredictability of a password. It's calculated as:

Entropy = length × log₂(charset size)

For example, a 16-character password using all 88 characters in our full set has approximately 103 bits of entropy. Each additional bit doubles the number of guesses needed. At 100 bits, an attacker trying 100 billion passwords per second would need over 40 trillion years to try every possibility.

Common scenarios

Password manager master password

Your master password is the most important password you have. It should be at least 20 characters and include all character types. Since you only need to memorize this one password, make it as strong as possible.

Online accounts

Each account should have its own unique password. Use 16+ characters with full character set. Store them in a password manager — don't try to memorize them all.

API keys and tokens

Development secrets should be long (32–64 characters) and use alphanumeric characters to avoid encoding issues. Never commit them to source control — use environment variables instead.

Wi-Fi passwords

WPA2/WPA3 passwords should be at least 12 characters. Since you only type them once per device, use a long, complex password. Avoid using personal information that neighbors could guess.

Privacy and security

Your generated passwords never leave your device. This tool runs entirely in your browser using client-side JavaScript — no API calls, no server logs, no cookies, and no tracking of generated passwords. The source code is fully transparent and can be inspected in your browser's developer tools.

Sources of entropy

Entropy is the raw unpredictability that fuels random password generation. Different systems harvest entropy from different sources:

Hardware noise

Thermal noise in electronic circuits, clock jitter, and voltage fluctuations. This is what most operating systems use, including the entropy pool behind the Web Crypto API.

Atmospheric noise

Radio static from thunderstorms and electromagnetic interference. Services like RANDOM.ORG use this approach, capturing atmospheric noise via radio receivers.

Radioactive decay

The timing of individual atomic decay events is fundamentally unpredictable according to quantum mechanics. Some dedicated hardware RNGs use Geiger counters for this purpose.

User input

Mouse movements, keystroke timings, and touchscreen interactions contribute to the OS entropy pool. The precise microsecond timing of these events is unpredictable enough to be useful.