Secure Password Generator

Generate strong, random passwords with customizable options. All passwords are generated locally in your browser using the crypto.getRandomValues() API - nothing is sent to any server.

---

---

How It Works

This tool generates cryptographically secure random passwords using the Web Crypto API (crypto.getRandomValues()). Unlike Math.random(), this provides true cryptographic randomness suitable for security-sensitive applications. Everything runs entirely in your browser - no data is ever sent to a server.

Random Character Mode

Builds a character pool from your selected types (uppercase, lowercase, digits, symbols), then picks characters uniformly at random from that pool. Each character position is independent, maximizing entropy for the given length and character set.

Passphrase Mode

Selects words at random from a curated list of common English words. Passphrases like "correct horse battery staple" are easier to remember than random character strings while providing excellent entropy. With 4+ words and a separator, passphrases typically exceed 50 bits of entropy - enough to resist offline attacks.

Understanding Entropy

Entropy measures unpredictability, calculated as log2(possible_combinations). Higher entropy means a stronger password:

• < 40 bits: Very weak - crackable in seconds
• 40 - 60 bits: Weak - crackable in minutes to hours
• 60 - 80 bits: Fair - would take days to months
• 80 - 128 bits: Strong - would take years to centuries
• > 128 bits: Very strong - practically uncrackable

Security Best Practices

• Length over complexity: A longer password is generally stronger than a shorter one with more character types.
• Unique passwords: Never reuse passwords across accounts. A breach on one site should not compromise others.
• Password managers: Use a password manager to store generated passwords securely.
• Two-factor authentication: Pair strong passwords with 2FA for additional security.

---

Feedback