Loading...
Loading...
Weak passwords are the number one cause of data breaches. This free Password Generator creates cryptographically secure passwords using your browser's built-in random number generator. Choose between random character passwords, memorable passphrases, or check the strength of your existing passwords. Everything runs locally on your device. Your passwords are never sent to any server.
Uses crypto.getRandomValues() for true randomness. No Math.random(). Same crypto API used by password managers.
Random passwords for maximum security, passphrases for memorability, and a strength checker for your existing passwords.
See exactly how strong your password is in bits of entropy with crack time estimates at 1 trillion guesses per second.
Everything runs in your browser. No data is sent to any server. Works offline. Clipboard auto-clears after 30 seconds.
This tool uses crypto.getRandomValues(), a cryptographically secure random number generator built into your browser. It builds a character pool from your selected types, picks characters randomly, guarantees at least one from each enabled type, and shuffles using Fisher-Yates.
Password strength depends on length and character variety. A 16-character password using uppercase, lowercase, numbers, and symbols has about 105 bits of entropy. Generally, 12+ characters with mixed types is strong. Avoid dictionary words and common patterns.
Entropy measures unpredictability in bits. It equals length times log2 of the character pool size. Below 25 bits is weak, 25-50 is fair, 50-80 is strong, and above 80 bits is very strong.
Yes. It uses crypto.getRandomValues() for all randomness, the same API used by password managers. No passwords are sent to any server. You can verify by disconnecting from the internet and using the tool offline.
A passphrase is a password made of random words, like 'correct-horse-battery-staple'. Passphrases are easier to remember and type while still being very secure. A 4-word passphrase from a 2000-word list has about 44 bits of entropy.
For random passwords, 12 characters minimum, 16+ for important accounts. For passphrases, at least 4 words (5-6 for critical accounts). PINs should be at least 6 digits. Longer passwords are exponentially harder to crack.
Pre-configured settings optimized for specific services. Google uses 16 characters with letters and numbers. High Security uses 24 characters with all types. PIN generates 6 digits. Clicking a preset applies settings and generates instantly.
Yes. Switch to the Check Strength tab and type or paste your password. It shows entropy bits, crack time, character breakdown, and improvement suggestions. It also checks against the top 1,000 most breached passwords.