Password Generator
CSPRNG passwords, memorable passphrases and PINs — with honest crack-time estimates.
Three generators in one: random passwords with guaranteed character coverage, memorable passphrases built from a curated wordlist, and numeric PINs — all powered by your browser's cryptographic random source, never a server. The strength meter shows true entropy bits and a realistic offline crack-time, so "Strong" actually means something.
Frequently Asked Questions
How random are these passwords really?
They use your browser’s crypto.getRandomValues — a cryptographically secure random number generator — with rejection sampling to avoid modulo bias. That is the same quality of randomness password managers use, and generation happens entirely on your device.
What do the entropy bits and crack time mean?
Entropy measures how many guesses an attacker needs: each bit doubles the work. The crack-time estimate assumes an offline attacker testing 10 billion guesses per second (a serious GPU rig). 70+ bits is strong for most accounts; 100+ bits is effectively uncrackable.
Password or passphrase — which should I use?
For anything you must type or remember (laptop login, master password), a 5-6 word passphrase like Maple-Comet-Lagoon-Fern-Ember is both stronger and far easier to remember than P@s5w0rd!. For accounts stored in a password manager, long random passwords are perfect.
What does "exclude ambiguous" do?
It removes characters that look alike — 0/O, 1/l/I, S/5, B/8 — so passwords you have to read off a screen or print (Wi-Fi codes, shared credentials) cannot be mistyped.
Are generated passwords stored or sent anywhere?
No. Everything runs in your browser — no network request is made when generating. Refresh the page and they are gone, so copy them into a password manager first.