What's a good way to create an 8-character random password in JavaScript containing a-z, A-Z, and 0-9?

Hey everyone! :–)

I’m working on a prototype and need a JavaScript password generator that produces realistic-looking passwords without worrying about security.

I will explain my initial plan:-

Idea is to loop 8 times, generate random ASCII codes with Math.random(), then convert them to characters.

But I thought there must be some other simpler and hence better method for the aforesaid problem statement. Please help me out here with your experience :raised_hands:

Hello there @Apurvaugale! Your approach to generating random strings or passwords is on the right track, but I’ve got a little refinement that might make it even more robust and readable for you and your team!

Instead of generating ASCII codes blindly, a much cleaner method is to define a character pool string containing all your allowed characters, then pick randomly from that.

Here’s how it looks:

const chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
let password = "";
for (let i = 0; i < 8; i++) {
  password += chars.charAt(Math.floor(Math.random() * chars.length));
}

This way, it’s immediately clear to anyone reading the code exactly what characters are included in your password generation, and it’s also much easier for your team to modify later if requirements change.

Hope this tip helps streamline your random string generation!

Hello @Apurvaugale continuing this discussion, following the character pool string method by @joe-elmoufak

To keep it concise and modern, you can combine Array.from() with map():

const chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
const password = Array.from({ length: 8 }, () => chars[Math.floor(Math.random() * chars.length)]).join('');

This looks remarkably neat, and it’s excellent if you’re working with teammates who appreciate functional JavaScript patterns—it’s both easy to understand and quick to tweak if your requirements change.

Thanks for reading folks!! Hope this comes to some use of yours.

Hello @Apurvaugale and everyone discussing random string generation in JavaScript! Adding a fascinating, more cryptographically secure option to the methods already shared by @joe-elmoufak and @ian-partridge.

Even if strict security isn’t your primary concern, but you want to avoid Math.random() quirks, you can tap into the browser’s crypto API for a more robust solution:

const chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
const array = new Uint32Array(8);
window.crypto.getRandomValues(array);

let password = "";
for (let i = 0; i < 8; i++) {
  password += chars[array[i] % chars.length];
}

This method is a bit more robust and relies on a stronger source of randomness provided by the system. It can truly impress your team as a thoughtful, future-proof approach, even for prototyping secure features.

Hope this advanced technique gives you another powerful tool for random generation!:sparkles: