Random String Generator

Generate random strings for passwords, tokens, test data, API keys, and mock IDs. Choose character set, length, and quantity — everything runs locally.

Character set guide

  • Alphanumeric — A–Z, a–z, 0–9 (62 chars). Best all-purpose random strings.
  • Hex — 0–9, a–f (16 chars). Looks like a hash or UUID. 32 hex chars = 128-bit token.
  • URL-safe — A–Z, a–z, 0–9, -, _ (64 chars). Safe in URLs, file names, and AWS/GCP keys.
  • Uppercase only — A–Z (26 chars). Easy to read aloud over phone or in screenshots.
  • Digits only — 0–9 (10 chars). PINs, OTPs, and numeric codes.

Privacy

All strings are generated locally by your browser's Math.random(). Nothing is sent to any server. The page is fully static — there is no network request made when you click Generate.

Frequently asked questions

Is this cryptographically secure?

No — this uses Math.random(), suitable for test data and mock IDs. For production secrets, use Node.js crypto.randomBytes() or the Web Crypto API (crypto.getRandomValues()).

What is URL-safe character set?

Only A–Z, a–z, 0–9, hyphen, and underscore — characters that need no percent-encoding in URLs. Safe for query params, path segments, and file names.

How long should a random token be?

Password reset/session tokens: 32+ alphanumeric chars. API keys: 32–64 chars. Hex tokens: 32 hex chars = 128 bits entropy. The longer, the harder to brute-force.

Are generated strings logged anywhere?

No. Generation runs in your browser — nothing is sent to any server. The strings exist only in your browser tab.

Related tools

Text RepeaterRepeat any text N times with a custom separator.Add Prefix / SuffixPrepend/append text to every line — wrap in quotes, add list markers.Word CounterWords, characters, sentences, paragraphs, and reading time together.Character CounterCharacter counts with and without spaces, plus letter and digit tallies.