diff --git a/app/assets/javascripts/passwords.js b/app/assets/javascripts/passwords.js
index 44566cf..731da40 100644
--- a/app/assets/javascripts/passwords.js
+++ b/app/assets/javascripts/passwords.js
@@ -18,6 +18,10 @@ function revealPassword($src){
 // Use this instead of typical $().ready
 // because turbolinks.
 document.addEventListener("turbolinks:load", function() {
+  $("[data-id=genpass]").on("ajax:success", "a", function(e, data){
+    $(e.target).parent().find("input").val(data.hash);
+  });
+
   $("[data-id=passwd]").on("ajax:success", "a", function(e, data){
     getPassword($(e.target).parent(), data.hash);
   });
diff --git a/app/controllers/accounts_controller.rb b/app/controllers/accounts_controller.rb
index 8bc8984..9f2bb85 100644
--- a/app/controllers/accounts_controller.rb
+++ b/app/controllers/accounts_controller.rb
@@ -10,7 +10,7 @@ class AccountsController < ApplicationController
   end
 
   def new
-    @account = Account.new
+    @account = Account.new(password: SecureRandom.urlsafe_base64(12))
   end
 
   def edit
@@ -20,6 +20,10 @@ class AccountsController < ApplicationController
     render json: { hash: @account.password }.to_json
   end
 
+  def genpass
+    render json: { hash: SecureRandom.urlsafe_base64(12) }.to_json
+  end
+
   def create
     @account = Account.new(account_params)
 
diff --git a/app/views/accounts/_form.html.erb b/app/views/accounts/_form.html.erb
index 8e27f63..f4d5ba2 100644
--- a/app/views/accounts/_form.html.erb
+++ b/app/views/accounts/_form.html.erb
@@ -16,9 +16,10 @@
     <%= f.text_field :username %>
   </div>
 
-  <div class="field">
+  <div class="field" data-id="genpass">
     <%= f.label :password %>
     <%= f.text_field :password %>
+    <%= link_to 'Generate', genpass_url, remote: true %>
   </div>
 
   <div class="field">
diff --git a/config/routes.rb b/config/routes.rb
index fad8164..9d87905 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 Rails.application.routes.draw do
+  get 'accounts/genpass', to: 'accounts#genpass', as: :genpass
   get 'accounts/reveal/:id', to: 'accounts#reveal', as: :reveal_password
   resources :accounts, except: [:destroy]
 
diff --git a/test/controllers/accounts_controller/view_test.rb b/test/controllers/accounts_controller/view_test.rb
index cc82772..cefc269 100644
--- a/test/controllers/accounts_controller/view_test.rb
+++ b/test/controllers/accounts_controller/view_test.rb
@@ -37,4 +37,12 @@ class AccountsControllerTest < ActionDispatch::IntegrationTest
     assert_response :success
     assert_match '1q2w3e4r5t6y7u', json['hash']
   end
+
+  test 'genpass should provide password' do
+    get genpass_url, xhr: true
+    json = JSON.parse(response.body).to_hash
+
+    assert_response :success
+    assert json['hash']
+  end
 end