Password Generator

Strong passwords or memorable passphrases — cryptographically random in your browser.

{{ __t('entropy') }}: {{ strength.bits }} bits

{{ __t('opt_heading') }}

{{ __t('opt_heading') }}

{{ __t('batch_heading') }}

What makes a good password?

A strong password resists both brute-force and dictionary attacks. Four core principles:

  • Long — at least 12, ideally 16+ characters. Every extra character multiplies the work for attackers.
  • Mixed — combine upper-/lowercase letters, digits and symbols
  • Unique — every account needs its own password. One leak must not endanger all your accounts.
  • Random — no birthdays, names, or dictionary words. True randomness (via `crypto.getRandomValues`) is essential.

Passphrases vs. passwords

A passphrase of 4–6 random words (the Diceware method) offers security comparable to a random character password but is far easier to remember and type. For master passwords (password managers, disk encryption), passphrases are often the better choice.

Is this generator secure?

Yes. Random numbers come from `crypto.getRandomValues()` directly in your browser — a cryptographically secure source. There is no server round-trip, no log, no tracking. You can inspect the implementation in your browser's developer tools at any time.