Random Letters Password Generator
Why alphabet-only?
Some systems restrict passwords to letters only — no digits, no special characters. Legacy applications, certain Wi-Fi captive portals, and some embedded devices enforce this constraint. Alphabet-only passwords are also easier to type on mobile keyboards and read aloud without ambiguity.
With 52 possible characters (26 lowercase + 26 uppercase), a 16-character alphabet password still provides approximately 91 bits of entropy — far more than enough for most applications.
Password strength
With a character set of 52 letters, entropy scales with length:
| Length | Entropy | Possible combinations | Time to crack |
|---|---|---|---|
| 8 | ~46 bits | 53 trillion | Minutes to hours |
| 12 | ~68 bits | 3.9 × 10²⁰ | Decades |
| 16 | ~91 bits | 2.1 × 10²⁷ | Millennia |
| 24 | ~136 bits | 5.7 × 10⁴⁰ | Heat death of universe |
Crack times assume 100 billion guesses per second.
Use cases
- Systems that reject special characters or digits in passwords
- Temporary access codes that need to be spoken aloud
- Readable API keys and tokens for internal tools
- Test data and placeholder passwords for development
- Wi-Fi passwords that guests need to type manually
- Short-lived session tokens or invite codes
How it works
- Your browser generates cryptographically secure random bytes using the Web Crypto API
- Each byte is mapped to one of 52 letters (a–z, A–Z) using modular arithmetic
- Characters are assembled into a password of your specified length
- The password exists only in your browser — nothing is sent to any server
Frequently asked questions
Is an alphabet-only password secure enough?
Yes, if it's long enough. A 16-character alphabet password has ~91 bits of entropy — comparable to a 14-character password using all character types. Length compensates for a smaller character set.
Should I use uppercase and lowercase?
This generator uses both by default, giving you 52 characters instead of 26. If the system is case-insensitive, your effective character set drops to 26 — use a longer password to compensate.
When should I use a full-character password instead?
When the system allows it and password length is limited. If you can only use 8–12 characters, including digits and symbols significantly increases entropy. For unlimited-length passwords, alphabet-only is perfectly fine.
Privacy and security
Your generated passwords never leave your device. This tool runs entirely in your browser using client-side JavaScript — no API calls, no server logs, no cookies, and no tracking of generated passwords. The source code is fully transparent and can be inspected in your browser's developer tools.