How are passwords generated?

Passwords are generated using the Web Crypto API's getRandomValues() which is cryptographically secure.

What is the maximum number of passwords?

You can generate up to 1000 passwords in a single batch.

What output formats are available?

Plain text (one password per line), CSV (with index column), and JSON array.

What does no ambiguous characters mean?

It removes characters like 0, O, I, l, and 1 that look similar and can cause confusion.

Are passwords sent to a server?

No. All password generation happens in your browser. No data is ever sent to any server.

Can I set a custom password length?

Yes. You can set a minimum and maximum length between 4 and 128 characters.

Yes. Completely free with no sign-up required.

Password List Generator

Generate bulk lists of cryptographically secure passwords. Plain text, CSV, or JSON output.

Number of Passwords

Length Range

Output Format

Password Generator Features

Cryptographically secure bulk password generation for any use case.

Cryptographically Secure

Uses Web Crypto API getRandomValues() for true randomness.

Multiple Formats

Export as plain text, CSV, or JSON for easy integration.

Custom Rules

Control length, character types, and exclude ambiguous characters.

Key Takeaways

Passwords are generated entirely in your browser from your chosen settings, so the list stays on your device and can be exported as Plain Text (.txt), CSV (.csv), or JSON (.json).
You control the strength: pick a count of 1 to 1000 and a length of 4 to 128 characters, and toggle uppercase, lowercase, numbers, and symbols - at least one type must be selected or generation is blocked.
When the minimum and maximum length differ, each password gets a random length from that range; set them to the same number to force a single fixed length.
Enable Exclude Ambiguous to strip 0, O, I, l, and 1 for passwords that are easier to read aloud or type, but leave it off and use a long length with all four character types for maximum strength.

How to Generate a Bulk Password List

Set Count and Length Range
Enter how many passwords you need (1 to 1000) and a minimum and maximum length (4 to 128 characters each). When the minimum and maximum differ, each password gets a random length picked from that range, so your list will contain varied lengths rather than one fixed size.
Choose the Character Types
Tick uppercase, lowercase, numbers, and symbols to control the character pool. The symbol set is !@#$%^&*()-_=+[]{}|;:,.<>?. Enable Exclude Ambiguous to strip 0, O, I, l, and 1 from the pool. At least one type must be selected or generation is blocked.
Pick a Format and Export
Select Plain Text, CSV, or JSON, then click Generate Passwords. Use Copy All to send the result to your clipboard, or Download to save it as passwords.txt, passwords.csv, or passwords.json. The list also regenerates automatically when the page first loads.

Output Formats at a Glance

The same passwords can be exported in three layouts. Each is built in your browser from the generated list, so the content is identical and only the structure differs. Choose the format that matches where the passwords will be used.

Format	Structure	File Extension	Best For
Plain Text	One password per line, separated by line breaks	.txt	Quick copy and paste or pasting into another tool
CSV	Header row index,password then one numbered row per entry, with quotes escaped	.csv	Opening in a spreadsheet or importing into a table
JSON	An indented array of password strings	.json	Loading into code, scripts, or seeding test data
Copy All	Sends the current formatted output to the clipboard	n/a	Moving the list straight into another window
Download	Saves the formatted output as a local file	matches format	Keeping a file copy on your own device

How to Configure for Your Use Case

Maximum Strength

Enable all four character types and leave Exclude Ambiguous off. Set a high minimum length, such as 20 to 24 characters. The larger the pool and the longer the password, the more combinations an attacker must try.

Easy to Read Aloud

Turn on Exclude Ambiguous so 0, O, I, l, and 1 are removed. This avoids the most common mix-ups when someone has to type a password from a screen or read it over the phone.

Strict System Rules

If a service rejects symbols, untick Symbols and rely on uppercase, lowercase, and numbers. Set the minimum and maximum length to the same value to force every password to an exact required length.

Bulk Test Data

Set a large count, up to 1000, and choose JSON so the array drops straight into a script or fixture. Keep generated test passwords out of any production system.

Common Problems and Fixes

It says to select at least one character type

Generation needs a non-empty character pool. Tick at least one of uppercase, lowercase, numbers, or symbols. If you enabled Exclude Ambiguous with only numbers selected, enough digits still remain, so re-check that a type is actually ticked.

Passwords are different lengths than expected

When the minimum and maximum length differ, each password is given a random length within that range. To force a single fixed length, set the minimum and maximum to the same number.

My values were changed after generating

Inputs are clamped to safe limits: count is held between 1 and 1000, and lengths between 4 and 128. A maximum below the minimum is raised to match the minimum, so an out-of-range entry is adjusted rather than rejected.

Copy All did not work

Copying uses the browser clipboard, which usually requires a secure HTTPS page and may prompt for permission. If nothing copies, allow clipboard access for the site, or use Download to save the list as a file instead.

About Password List Generator

Generate bulk lists of secure random passwords entirely in your browser using the Web Crypto API for cryptographic randomness.

Frequently Asked Questions

Is this tool free to use?

Yes, this tool is completely free.

No account or registration is required.

You can use it as many times as you like.

Are generated passwords stored anywhere?

No. All generation happens in your browser.

Passwords are never sent to any server.

We do not store, log, or share generated passwords.

What makes these passwords secure?

Passwords use crypto.getRandomValues() from the Web Crypto API.

This is the same level of randomness used in security software.

The large character set and random length further increase entropy.

Do I need to install anything?

No installation is required.

It runs entirely in your web browser.

Works on any modern browser without plugins.

Does it work on mobile?

Yes, the tool is fully responsive.

It works on phones, tablets, and desktops.

No app download is needed.

Can I use the output commercially?

Yes, there are no restrictions on usage.

The output belongs entirely to you.

Use it for personal or commercial projects freely.

What browsers are supported?

All modern browsers are supported.

This includes Chrome, Firefox, Safari, and Edge.

Keep your browser updated for best results.

Can I generate passwords for testing?

Yes, this is a common use case for the tool.

Use JSON format to easily import test passwords into your application.

Never use test passwords in production environments.

Works in Chrome, Firefox, Safari, Edge, Opera, and other modern browsers on Windows, macOS, Linux, Android, and iOS. No software installation or sign-up required. All conversions run directly in your browser, so your files never leave your device and are never uploaded to a server. Free to use with no account needed.

Sources and References

Format and tool details on this page are based on the official specifications and documentation below.

Digital Identity Guidelines (SP 800-63B)- NIST
Password / authentication guidance- OWASP Cheat Sheet Series