Password Generator: How to Create Cryptographically Secure Passwords
Generate truly random, secure passwords. What makes a password cryptographically random, and how to store them safely.
Why Random Password Generation Matters
Human-created passwords are predictable. People use words, names, dates, and patterns — all of which make passwords vulnerable to dictionary and brute force attacks.
Cryptographically secure random password generators use your computer's entropy sources (hardware timing, system events) to produce genuine randomness. The resulting passwords have no patterns, no words, and no predictable structure.
What Makes a Password Cryptographically Secure
Good random generators use: window.crypto.getRandomValues() in browsers (Web Crypto API), /dev/urandom in Linux/Mac, CryptGenRandom in Windows. These draw from hardware-based entropy, making them truly unpredictable.
Bad random generators use: Math.random() in JavaScript — this is a pseudorandom number generator seeded with predictable values. Fine for games, not for security.
Lazyblink Password Generator uses window.crypto.getRandomValues() — genuinely secure randomness.
Password Configuration Guide
Length: Minimum 12 characters for general accounts. 20+ characters for critical accounts (email, banking, master password).
Character sets:
Uppercase + lowercase + numbers + symbols: Maximum entropy. Use for all passwords.
Uppercase + lowercase + numbers only: Good for sites that do not allow symbols.
Symbols to include: Mix of !@#$%^&*()_-+=[] for maximum entropy.
Storing Generated Passwords
You cannot remember a 20-character random password. You should not try. Store all generated passwords in a password manager:
Bitwarden: Free, open source, audited, cross-platform. Best free option.
1Password: Best UX, excellent security, $3/month.
Apple Keychain: Free for Apple ecosystem users.
Your only memorable password should be the master password for your password manager — make it a 5-word passphrase.
Frequently asked questions
How long should a generated password be?
12 characters minimum for regular accounts. 16+ characters for important accounts (email, banking). 20+ for master passwords. Length is the most important factor.
Is Lazyblink password generator safe to use?
Yes — passwords are generated locally in your browser using the Web Crypto API. They are never sent to any server. Copy immediately and store in a password manager.
Put this guide into practice with our free online tool — no signup required.
Open tool