Password Generator
Generate cryptographically secure passwords with full control over length, character sets (uppercase, lowercase, numbers, symbols), and exclusions. Shows password strength and estimated crack time.
Uses crypto.getRandomValues() — cryptographically secure random generation.
Frequently Asked Questions
How many bits of entropy is enough?
For most accounts: 80+ bits is very good. For critical accounts (banking, master passwords): 100+ bits. NIST recommends 80-bit minimum. Our 20-character mixed-character password has ~128 bits — effectively uncrackable with current technology.
Is it safe to use this to generate passwords?
Yes — this tool uses the browser's crypto.getRandomValues() API which is a CSPRNG (Cryptographically Secure Pseudo-Random Number Generator). The passwords are generated entirely in your browser and never sent to any server.
Should I use a passphrase instead?
Passphrases (4-6 random words like 'correct horse battery staple') are easier to remember and can have equal or higher entropy. For a password manager's master password, a passphrase is generally recommended. For API keys and service accounts, random character passwords are preferred.