Generate strong random passwords entirely in your browser using a cryptographically secure source. Configurable length, character classes, and exclusions — passwords never leave your device.
Generate strong passwords entirely in your browser. Nothing is sent to the server.
Pick one. Copy. Move on. Passwords regenerate every time you change a setting.
Passwords are generated using window.crypto.getRandomValues with
rejection sampling to avoid modulo bias. They are never sent to or stored on the server.
Practical reference for choosing a password length.
| Length | Entropy (full pool) | Suggested use |
|---|---|---|
| 8 | ~52 bits | Minimum for low-value accounts; assume it can be cracked offline |
| 12 | ~78 bits | Reasonable default for everyday accounts behind rate limits |
| 16 | ~104 bits | Strong default for general use. Recommended baseline. |
| 20 | ~131 bits | Sensitive accounts, admin credentials, root access |
| 32+ | ~210+ bits | Service tokens, signing keys, API secrets stored in vaults |
Read before relying on a generated password.
Use a password manager rather than memorising or pasting passwords into chat, notes, or shared documents.
Length beats character variety. A 20-character lowercase password is harder to crack than an 8-character mix of upper, lower, digits, and symbols.
For service accounts and tokens, prefer 32+ characters and store them in a secrets manager rather than environment files.