Random password options
Crack time by attack speed
0.0 bits of entropy from a pool of 0 possibilities. NIST recommends 80+ bits for accounts you care about; 128+ for the paranoid.
Have I Been Pwned checkk-anonymity, never sends password
We SHA-1 the password locally, send only the first 5 hex chars to api.pwnedpasswords.com, and check the response locally. The password and full hash never leave your browser.
The password generator that doesn't push you into a paid manager
Random, Diceware, pronounceable, or pattern-based. Live entropy + crack-time meter. Bulk generate up to 100 with CSV export. Optional Have I Been Pwned check via k-anonymity (your password never leaves the browser). 100% client-side cryptographic randomness.
How it works
Pick a mode
Random characters, Diceware passphrase, pronounceable, or pattern-based template. Each suits a different use case.
Adjust the strength
Length, character classes, exclude similar / ambiguous chars, ensure-one-of-each. Live entropy meter shows the bits you're building.
Copy or bulk download
One click to copy. Or set bulk to 100 and download a CSV. Cryptographic-grade randomness, never Math.random.
Every feature, free
4 generation modes
Random char-class for site logins, Diceware passphrase for memorability, pronounceable for verbal handoff, pattern-based for sites with strict format rules. Most generators offer only random.
Live entropy + crack-time
Bits of entropy displayed as you type. Crack time shown at 4 attack tiers: online throttled, online unthrottled, offline slow hash (PBKDF2), offline fast hash (10B/sec GPU). zxcvbn-compatible scoring.
Bulk generation up to 100
Generate 100 unique passwords at once. Copy individually or download as CSV. Useful for seeding test accounts, recovery codes, or batch-creating new logins.
Have I Been Pwned check
Optional k-anonymity check: we SHA-1 your password locally, send only the first 5 hex chars to HIBP, check the response locally. The password and full hash NEVER leave your browser.
Cryptographic randomness
Uses crypto.getRandomValues() with rejection sampling to avoid modulo bias. Math.random() is not cryptographically secure; many free generators get this wrong. Ours produces output that's safe for security tokens.
Smart character class enforcement
Many sites require 'at least one upper, lower, digit, symbol'. Our 'ensure each class' option guarantees the output passes those checks without sacrificing randomness.
Exclude similar / ambiguous
Drop Il10O for handwritten or read-aloud passwords. Drop {}[]() for systems that mangle them. Toggle independently.
100% browser-side
Generation, entropy analysis, crack-time computation, and the bulk export all run locally. The HIBP check is the only network request and uses k-anonymity. Open the network tab to verify.
Why we built this
No password manager required
LastPass, 1Password, Norton, Bitwarden , most free generators are loss-leaders for paid managers. We don't sell anything. The tool stands alone, free, with all features included.
Cryptographically secure by default
Many free generators use Math.random(), which is not secure. Skilled attackers can recover the seed and predict future outputs. We use crypto.getRandomValues() exclusively, the same primitive Web Crypto and TLS use.
Multiple modes for different threat models
Random for password manager storage. Diceware for what you'll type. Pronounceable for what you'll say over the phone. Pattern for sites with format quirks. Pick the right tool for the job.
Bulk + breach check together
No competitor offers bulk generation AND breach checking AND multi-mode AND offline-capable in one tool. We do, free.
Molixa vs LastPass, Bitwarden generators
| Feature | Molixa Password Generator | LastPass | Bitwarden |
|---|---|---|---|
| Free, no signup | Yes | Yes | Yes |
| 4 generation modes | Random, Diceware, Pronounceable, Pattern | Random + simple passphrase | Random + Diceware |
| Bulk generate | Up to 100 with CSV export | One at a time | One at a time |
| Live entropy meter | Bits + 4 attack tiers | Basic strength bar | Basic strength bar |
| HIBP breach check | Yes, k-anonymity | In paid app | In paid app |
| Pattern-based templates | Yes | No | No |
| Cryptographic random | crypto.getRandomValues + reject sampling | Yes | Yes |
| Standalone (no manager) | Yes | Pushes manager signup | Pushes manager signup |
What people use it for
Generate a strong password for a new account
Pick Random, length 16, all 4 classes on, copy. Paste into the signup form. Save in your password manager. Done in 5 seconds.
Make a memorable master password
Pick Diceware, 6 words, capitalize on, separator '-'. Result: 'Battery-Horse-Staple-Apple-River-Sunset'. ~70 bits, easy to type, no manager could ever lose it for you.
Verbal password to dictate to a coworker
Pick Pronounceable. Length 14. Result: 'pulokirakapule'. Easier to read aloud than 'X#k$2vQ!9j@n'.
Match a site with weird format rules
Site says 'exactly 12 chars, 2 digits, 1 symbol, no ambiguous'? Pick Pattern, template 'aaaaaaaa-99?'. Result fits the format on the first try.
Bulk-create accounts for testing
Set bulk to 50, hit generate, download CSV. Each row is a fresh, unique, strong password. No more 'Password1', 'Password2' for QA accounts.
Verify your password hasn't been leaked
Type or paste a password (or copy a generated one), click 'Check this password'. The k-anonymity protocol checks Have I Been Pwned without sending your password anywhere.
Walkthroughs
Generate a strong password in 3 seconds
- 1Default mode is Random, length 16, all character classes on. That's already a 96-bit-entropy password.
- 2Click Copy. The password is in your clipboard.
- 3Paste into the signup form. Save in your password manager.
- 4If the site rejects a symbol, switch to Pattern mode and customize.
Build a Diceware master passphrase
- 1Click the Passphrase tab.
- 2Set Words to 6, capitalize on, separator '-'. Get something like 'Battery-Horse-Staple-Apple-River-Sunset'.
- 3Optionally toggle 'Append digits' and 'Append symbol' for sites that require them.
- 4Memorize it. Use as your password manager master password. Never type it into anything else.
Check if your existing password has leaked
- 1Generate any password (we need something in the input field).
- 2Manually edit the displayed password by clicking Show then editing , or paste your existing password into a text field.
- 3Click 'Check this password' under Have I Been Pwned.
- 4Result tells you whether the password appears in any known breach. If yes, change it everywhere.
Bulk-export 50 passwords for QA
- 1Set Bulk generate to 50.
- 2The list of 50 unique strong passwords appears below the primary result.
- 3Click 'Download CSV' to save them all with index and length columns.
- 4Each password is independently random. The CSV is yours; we never see it.
Privacy + security
Passwords never leave your browser
Generation happens locally using crypto.getRandomValues, the cryptographically secure PRNG built into every modern browser. Entropy analysis happens locally. Crack-time computation happens locally. Bulk export downloads from your tab to your disk without going through any server.
The optional Have I Been Pwned breach check uses k-anonymity. We SHA-1 your password in the browser, send only the first 5 hex characters of the resulting 40-character hash to api.pwnedpasswords.com, and check locally whether your specific 35-character suffix is in their response. The remote service never sees the password, never sees the full hash, and could not reconstruct either from the prefix it receives. This protocol is well-documented and audited; Troy Hunt (HIBP's author) has written extensively about the privacy guarantee.
Who it's built for
Security-conscious users
Cryptographic randomness, k-anonymity breach check, no upsell. Generate, save in your manager, move on.
Developers + sysadmins
Bulk generate API tokens, recovery codes, test passwords. Pattern mode for systems with strict format rules. CSV export for piping into your provisioning scripts.
International users
No paid tier, no geographic gating, no signup required. Works the same in every country. Output is plain text , copy and use anywhere.
QA + ops teams
Bulk export 100 passwords to seed test accounts. CSV format drops into spreadsheets and provisioning scripts. Every password is independently random.
Questions people ask
Is the password generator free?
How is randomness sourced?
Do passwords get sent anywhere?
What's the difference between Random, Passphrase, Pronounceable, and Pattern?
How long should my password be?
What does 'crack time' actually mean?
What's bulk generation good for?
Why does the strength meter sometimes show different scores for the same length?
Is Have I Been Pwned safe to use?
Should I use a password manager?
Try it now
Cryptographic random, 4 modes, bulk export, breach check
Free. No signup. No upsell into a paid password manager. Just the strongest passwords you can paste in.
Start generatingThe Password Generator page is built, reviewed, and maintained by the Molixa team. We use the tool we ship and update the docs when the behavior changes.
Related Security Tools
Popular Tools
AI Content Detector
Check if text was written by AI with a sentence-by-sentence heatmap.
YouTube Video Summarizer
Turn any YouTube video into clear notes with chapters, quotes, chat, and flashcards.
PDF Summarizer
PDF summarizer with page citations, multi-doc compare, and domain templates.
AI Text Rewriter
Paraphrase in 10 modes with diff view, freeze words, and brand voice training.
AI Math Solver
Free math solver with step-by-step solutions, photo upload, and 4 learning modes.
Watermark Remover
Brush over a watermark or object and remove it cleanly with AI. Pro/Plus.
From the blog
- How to Create a Strong Password (2026 Guide)Most password advice is outdated. Here is what actually makes a password strong in 2026, length over symbols, why passphrases win, the entropy math behind crack time, and how to generate one no rainbow table can touch.Read article
- How Long Should a Password Be in 2026?Forget forced symbols. In 2026 the rule is length: 15+ characters, ideally a passphrase. Here is why, the entropy targets that matter, and how to generate one.Read article
- Password Generator: Create Hack-Proof Passwords in 3 SecondsMost people use 'password123' or their dog's name. Here's how to generate truly secure passwords + the free tool that does it instantly.Read article