Reusing passwords or using weak ones is the most common way accounts get compromised. But coming up with a strong, unique password for every site — and actually remembering which one goes where — isn’t realistic without help.
Today we’re launching Password Generator on Tools.Town — a fast, fully client-side tool for generating cryptographically random passwords.
What it does
The generator gives you full control over what the password looks like:
Length — drag the slider from 4 to 128 characters. The modern minimum is 16; for anything you care about, 20+ is better.
Character sets — toggle uppercase, lowercase, numbers, and symbols independently. Mix and match to match the requirements of whichever site you’re filling in.
Exclude ambiguous characters — if you’ll ever need to type the password from memory or read it off a screen, turn this on. It removes I, l, 1, O, and 0 so you’re not squinting at your monitor guessing which character is which.
Strength meter and entropy
Every time you adjust a setting or click Generate, the strength meter updates immediately. It shows entropy in bits — a concrete measure of how hard the password is to brute-force:
| Bits | Strength |
|---|---|
| < 40 | Weak — trivially crackable |
| 40–60 | Fair — OK for low-stakes accounts |
| 60–80 | Strong — resistant to most attacks |
| 80+ | Excellent — practically uncrackable |
A 20-character password with upper, lower, numbers, and symbols has around 129 bits of entropy. That’s not going to be cracked in our lifetimes.
Why client-side matters for a password tool
The whole point of a password generator is that the password stays secret. Running the generation server-side would mean transmitting the password over a network connection — exactly what you’re trying to avoid.
Every password on Tools.Town is generated using crypto.getRandomValues, the same cryptographic randomness your operating system provides. There’s no server call, no logging, no analytics on what you generated. Reload the page and it’s gone.
How to use it
- Set your length — 16+ recommended, 20+ for critical accounts
- Toggle the character sets you want
- Optionally turn on exclude ambiguous if you might need to type it
- Generate — the result appears instantly
- Copy with one click and paste it into your password manager or login form
Try it
For best security: generate a unique password for every account and store them in a password manager. This tool handles the generation — your manager handles the memory.
Related: Hash Generator → — verify data integrity and generate hashes for any string.
Frequently Asked Questions
Are generated passwords stored anywhere?
What character sets can I use?
How is entropy calculated?
Can I exclude ambiguous characters?
Explore more on Tools.Town Blog
Finance guides, tool launches, and engineering stories — updated weekly.