JavaScript Notes
Learn to build a secure random password generator in JavaScript with length control, character type toggles, strength meter, copy to clipboard, and history.
What You'll Learn
- How to build a configurable character pool from selected character types
- How to generate a cryptographically stronger password with
crypto.getRandomValues() - How to implement a password strength meter based on entropy
- How to add a "Copy to clipboard" button
- How to keep a history of recently generated passwords
Project Overview
A password generator creates a random string from a configurable character pool. Users choose the length and which character types to include. A strength meter shows how secure the generated password is.
Component Structure
How It Works — Flow Diagram
buildCharPool()
→ concatenate enabled character sets
→ optionally remove ambiguous chars
generatePassword(length, pool)
→ for each position: pick crypto-random index from pool
→ ensure at least one char from each enabled set
→ return shuffled result
calculateStrength(password, pool)
→ entropy = log2(poolSize^length)
→ map to Very Weak / Weak / Fair / Strong / Very StrongStep-by-Step Build
Step 1 — Character Sets
Step 2 — HTML Structure
<div class="pw-generator">
<h1>Password Generator</h1>
<div class="length-control">
<label>Length: <span id="lengthVal">16</span></label>
<input type="range" id="lengthSlider" min="6" max="64" value="16">
</div>
<div class="charset-options">
<label><input type="checkbox" id="inclUppercase" checked> Uppercase (A-Z)</label>
<label><input type="checkbox" id="inclLowercase" checked> Lowercase (a-z)</label>
<label><input type="checkbox" id="inclDigits" checked> Numbers (0-9)</label>
<label><input type="checkbox" id="inclSymbols" checked> Symbols (!@#...)</label>
<label><input type="checkbox" id="exclAmbiguous"> Exclude ambiguous (0, O, l, 1)</label>
</div>
<div class="output-row">
<input type="text" id="pwOutput" class="pw-output" readonly>
<button id="copyBtn" class="btn-copy">📋</button>
</div>
<div class="strength-bar-container">
<div id="strengthBar" class="strength-bar"></div>
</div>
<p id="strengthLabel" class="strength-label"></p>
<p id="entropyLabel" class="entropy-label"></p>
<button id="regenBtn" class="btn-regen">🔄 Regenerate</button>
<div class="history-section">
<h3>History</h3>
<ul id="pwHistory"></ul>
</div>
</div>Step 3 — Build Character Pool
function buildPool() {
let pool = "";
if (document.getElementById("inclUppercase").checked) pool += CHARSETS.uppercase;
if (document.getElementById("inclLowercase").checked) pool += CHARSETS.lowercase;
if (document.getElementById("inclDigits").checked) pool += CHARSETS.digits;
if (document.getElementById("inclSymbols").checked) pool += CHARSETS.symbols;
if (document.getElementById("exclAmbiguous").checked) {
pool = pool.replace(AMBIGUOUS, "");
}
return pool;
}Step 4 — Generate Password (Crypto-Secure)
Step 5 — Strength / Entropy Calculation
Step 6 — Render & Auto-Generate
Step 7 — Copy to Clipboard
Step 8 — Wire All Events & Initialize
Console Output
buildPool() → "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$..."
pool.length = 88
generatePassword(16, pool)
→ crypto.getRandomValues([...16 random integers])
→ required chars: ["M", "k", "7", "!"]
→ remaining 12 chars from pool
→ shuffled → "P@x7!mKz#3vNqL2"
calculateEntropy(16, 88)
→ 16 × log2(88) = 16 × 6.46 = ~103 bits
getStrengthLabel(103) → { label: "Very Strong", pct: 100 }Edge Cases to Handle
| Situation | Expected Behavior |
|---|---|
| No charset selected | Warning: "Select at least one type" |
| Length shorter than required chars | Clamp length to minimum (4 if all selected) |
| Ambiguous exclusion removes all pool chars | Fallback warning |
| Copy on HTTP (no clipboard API) | Use execCommand("copy") fallback |
| Slider to max (64) | Valid long password generated |
Challenge Yourself
- Pronounceable passwords — generate phonetically readable passwords (like "korbi-9424")
- Passphrase mode — generate 4-word passphrases like "correct-horse-battery-staple"
- Password checker — paste any password and evaluate its strength
- Dark mode — style the strength bar with dark-theme colors
- Browser extension — package this as a browser extension popup
Best Practices
- Use
crypto.getRandomValues()instead ofMath.random()for security-sensitive passwords - Always guarantee at least one character from each enabled set before shuffling
- Calculate entropy as
log2(poolSize^length) = length × log2(poolSize) - Shuffle the password after placing required characters (Fisher-Yates) to avoid predictable positions
- Never log or store passwords in plaintext beyond a short session history
Exam Focus
Revise definitions, diagrams, examples, and short-answer points for Build a JavaScript Random Password Generator - Step by Step Tutorial.
Interview Use
Prepare one clear explanation, one practical example, and one common mistake for this JavaScript Master Course topic.
Search Terms
javascript-complete-guide, javascript master course, javascript, complete, guide, mini, projects, random
Related JavaScript Master Course Topics