Strong Password Generator
Create strong, random passwords in one click. Pick length and which character types to include. Everything runs in your browser — the password never leaves your device.
How does Genfy's password generator work?
When you click "Generate again", the browser uses crypto.getRandomValues,
a standard cryptographic API available in all modern browsers. That function produces
cryptographic-quality random numbers, far better than the classic Math.random
used in games. Then we combine those numbers with the character set you picked to assemble
the password.
The whole process happens in your browser. The password never travels over the network, never gets stored on a server and never ends up in logs. Close the tab and it's gone.
What makes a password strong?
Password strength depends on two things: length and randomness. An 8-character password using all 95 printable keyboard characters has about 200 billion possible combinations. That sounds like a lot, but a modern GPU can try several billion per second: it falls in hours. A truly random 16-character password, on the other hand, has more combinations than there are atoms in the solar system: it's unbreakable by brute force.
Recommendations by use case
- Critical accounts (bank, primary email, password manager): 20+ characters with all types.
- Everyday accounts (social, forums, subscriptions): 14-16 characters.
- Throwaway accounts (one-time signups): 12 is enough, but use a different email if it's truly throwaway.
- Home WiFi: 14-20 characters without weird symbols (easier to type on phones and consoles).
- Disk encryption / family accounts: consider a passphrase of 4-6 random words instead of characters.
Common password mistakes
Beyond length, some mistakes empty out any seemingly strong password:
- Reusing the same one across sites. When a site leaks its database — it happens monthly — attackers automatically try it on thousands of services.
- Human patterns. "Maria1985!" looks complex but attack dictionaries cover names, dates and typical substitutions (a→@, e→3, etc.).
- Sticky note on the monitor. Better: a password manager (Bitwarden, 1Password, KeePass) protected by a single very long master key.
- Sharing it via Slack/iMessage/text. Don't. If you really have to share a credential, use Bitwarden Send, 1Password's share link, or an ephemeral one-time tool (PrivateBin, 1ty). All of them auto-expire and don't sit in chat history forever.
And if the site has weird rules...
Some sites still reject symbols, demand an absurd maximum (12 chars) or force monthly rotations. Enable Exclude ambiguous to avoid conflicting characters and lower length to the maximum allowed. If a site is too restrictive, consider switching to a more serious provider for that account when possible.
FAQ
What makes a password strong?
Length (12+ characters), a mix of uppercase, lowercase, numbers and symbols, with no predictable patterns or personal data.
Is it safe to generate passwords online?
Yes, as long as the generator runs in your browser. Genfy uses the browser cryptographic API and never sends the password to a server.
How many characters should my password have?
For everyday accounts, 12-16 is enough. For critical accounts (bank, master email, password manager) we recommend 20+.
Can I reuse the same password on multiple sites?
No. If a site is breached, attackers try the same password elsewhere. Use a password manager and a unique password per service.