How strong is strong?
Strength is measured in entropy bits: log₂ of the number of possible passwords. A 20-character password using all four character sets has around 130 bits — far beyond what any current hardware can brute-force. For most accounts, 16+ characters with mixed sets is more than enough; the bigger risks are reuse and phishing, not brute force.
Generated locally
Passwords are produced with crypto.getRandomValues(), the browser's cryptographically secure generator, using rejection sampling to avoid modulo bias. Nothing is transmitted or stored — once you leave this page the password exists only where you pasted it.
Better than a password: a manager
A generator pairs best with a password manager. Generate once, store it in the manager, and never memorize or reuse it. Reserve memorized passwords for the manager itself and your primary email.