Password Generator
Create cryptographically strong random passwords. Control length, character sets, symbols, and quantity. All generation happens in your browser — passwords are never sent to any server.
All passwords are generated using the browser's crypto.getRandomValues() API — a cryptographically secure RNG. No password is ever sent to any server. Nothing is logged or stored.
Why use a password generator?
Humans are terrible at creating truly random passwords. We tend to use memorable words, predictable patterns (like P@ssword1!), or we reuse the same password across accounts. A cryptographically secure generator removes all of that predictability.
True randomness
Uses your device's hardware entropy source — the same API used by cryptographic software.
No patterns
Each character is selected independently. No dictionary words, names, or dates.
Unique per use
Every click generates a completely different password — use one per account.
Password length vs. strength
Longer passwords are exponentially harder to crack. The table below shows estimated crack times for a password using all character types (upper, lower, numbers, symbols).
| Length | Possible combinations | Crack time (1B guesses/sec) | Verdict |
|---|---|---|---|
| 8 chars | 6.7 quadrillion | ~2 hours | Weak |
| 12 chars | 475 quintillion | ~15 years | Fair |
| 16 chars | 33 sextillion | ~1 million years | Strong |
| 20 chars | 2.3 septillion | > age of universe | Excellent |
| 128 chars | Astronomically large | Computationally impossible | Maximum |
* Crack times assume a brute-force attack at 1 billion guesses per second on a single machine. GPU clusters or quantum computers may be significantly faster. Use 16+ character passwords for anything important.