Password Generator — Developer Code Samples

Generate cryptographically secure random passwords using the secrets module in Python (preferred over random) or crypto.getRandomValues() in the browser. These patterns are appropriate for generating API keys, temporary passwords, and secure tokens.

Try the interactive version online: Open Password Generator Tool →

Parameters

Parameter	Type	Required	Description
length	int	No	Password length in characters (default: 16)
use_uppercase	bool	No	Include uppercase letters A-Z (default: True)
use_lowercase	bool	No	Include lowercase letters a-z (default: True)
use_digits	bool	No	Include digits 0-9 (default: True)
use_symbols	bool	No	Include symbols !@#$%^&* (default: True)

Returns: Cryptographically secure random password string

Code Examples

import secrets
import string

# Generate a secure random password
def generate_password(
    length=16,
    use_uppercase=True,
    use_lowercase=True,
    use_digits=True,
    use_symbols=True,
    exclude_ambiguous=False
):
    """Generate a cryptographically secure password."""
    charset = ''
    required_chars = []

    if use_lowercase:
        chars = string.ascii_lowercase
        if exclude_ambiguous:
            chars = chars.replace('l', '').replace('o', '')
        charset += chars
        required_chars.append(secrets.choice(chars))

    if use_uppercase:
        chars = string.ascii_uppercase
        if exclude_ambiguous:
            chars = chars.replace('I', '').replace('O', '')
        charset += chars
        required_chars.append(secrets.choice(chars))

    if use_digits:
        chars = string.digits
        if exclude_ambiguous:
            chars = chars.replace('0', '').replace('1', '')
        charset += chars
        required_chars.append(secrets.choice(chars))

    if use_symbols:
        chars = '!@#$%^&*()-_=+[]{}|;:,.<>?'
        charset += chars
        required_chars.append(secrets.choice(chars))

    # Fill remaining length with random chars from full charset
    remaining = length - len(required_chars)
    password = required_chars + [secrets.choice(charset) for _ in range(remaining)]

    # Shuffle to avoid predictable positions
    secrets.SystemRandom().shuffle(password)
    return ''.join(password)

# Examples
print(generate_password(16))                     # Full charset
print(generate_password(32, use_symbols=False))  # Alphanumeric only
print(generate_password(12, exclude_ambiguous=True))

# Generate a passphrase (easier to remember)
WORDS = ['correct', 'horse', 'battery', 'staple', 'purple', 'dragon', 'thunder']
passphrase = '-'.join(secrets.choice(WORDS) for _ in range(4))
print(passphrase)  # e.g., correct-dragon-battery-horse

# Generate API key (hex format)
api_key = secrets.token_hex(32)  # 64-char hex string
print(api_key)

# URL-safe token
token = secrets.token_urlsafe(32)  # 43-char base64url string
print(token)

// Browser/Node (Web Crypto API)
function generatePassword(
  length = 16,
  useUppercase = true,
  useLowercase = true,
  useDigits = true,
  useSymbols = true
) {
  const lower = 'abcdefghijklmnopqrstuvwxyz';
  const upper = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
  const digits = '0123456789';
  const symbols = '!@#$%^&*()-_=+[]{}|;:,.<>?';

  let charset = '';
  const required = [];

  if (useLowercase) { charset += lower; required.push(randomChar(lower)); }
  if (useUppercase) { charset += upper; required.push(randomChar(upper)); }
  if (useDigits)    { charset += digits; required.push(randomChar(digits)); }
  if (useSymbols)   { charset += symbols; required.push(randomChar(symbols)); }

  const rest = Array.from({ length: length - required.length }, () => randomChar(charset));
  const password = [...required, ...rest];

  // Fisher-Yates shuffle using crypto
  for (let i = password.length - 1; i > 0; i--) {
    const j = cryptoRandInt(i + 1);
    [password[i], password[j]] = [password[j], password[i]];
  }
  return password.join('');
}

function randomChar(charset) {
  return charset[cryptoRandInt(charset.length)];
}

function cryptoRandInt(max) {
  const arr = new Uint32Array(1);
  crypto.getRandomValues(arr);
  return arr[0] % max;
}

// Generate API token (hex)
function generateToken(bytes = 32) {
  const arr = new Uint8Array(bytes);
  crypto.getRandomValues(arr);
  return Array.from(arr).map(b => b.toString(16).padStart(2, '0')).join('');
}

console.log(generatePassword(16));
console.log(generateToken(32));

# Generate a random password
openssl rand -base64 16

# Alphanumeric only (32 chars)
openssl rand -hex 16

# Using /dev/urandom
cat /dev/urandom | tr -dc 'a-zA-Z0-9!@#$%^&*' | head -c 16; echo

# With Python secrets module (most secure)
python3 -c "import secrets, string; print(secrets.token_urlsafe(16))"

# Memorable passphrase (dice-style)
python3 -c "
import secrets
words = open('/usr/share/dict/words').read().splitlines()
print('-'.join(secrets.choice(words) for _ in range(4)))
" 2>/dev/null || echo "Word list not found"

# Generate bcrypt hash of a password
python3 -c "import bcrypt; pw = b'mypassword'; print(bcrypt.hashpw(pw, bcrypt.gensalt()).decode())"

Other Tool APIs

JSON Formatter Base64 Encode/Decode URL Encode/Decode Lorem Ipsum Generator Word & Character Counter MD5 & SHA Hash Generator

View all API docs →