Security Tools

Password Generator

Generate a strong random password right in your browser. Nothing is sent anywhere — the password exists only on your screen until you copy it.

What makes a password strong?

Two things: length and randomness. Every extra character multiplies the number of guesses an attacker needs. A truly random 16-character password with mixed character sets has more combinations than there are atoms in a human body — no realistic computer can brute-force it.

Password styleTime to crack (offline, modern GPU rig)
password123Instant (it's in every wordlist)
8 chars, lowercase onlyMinutes
10 chars, mixed case + numbersMonths
16 chars, all character sets, randomBillions of years

The rules that actually matter

Passphrases: the memorable alternative

If you must memorize a password (like your master password), four to five random common words — "orbit-velvet-thunder-maple" — are both easier to remember and mathematically stronger than a short "complex" password. The trick is the words must be genuinely random, not a sentence you'd naturally say.

Frequently asked questions

Is it safe to generate a password on a website?

On this page, yes — generation uses your browser's built-in cryptographic randomness (crypto.getRandomValues) and runs entirely on your device. You can verify by loading the page, disconnecting from the internet, and generating — it still works.

How often should I change passwords?

Modern guidance (including NIST's): don't change on a schedule — change immediately when there's any sign of a breach. Forced rotation leads to weaker, patterned passwords.

What length should I pick?

16 is a strong default. Use 20+ for anything critical, and shorter only when a site forces a limit.