Password Generator

🔒 Runs in your browser — nothing is sent to a server

Generate strong, truly random passwords and passphrases entirely in your browser. Choose between a classic random password or a memorable multi-word passphrase. Every password is created with the browser's cryptographic random number generator and is never sent to a server, logged, or stored.

FAQ

What makes a password strong?

Strength comes from three things working together: length, randomness, and character variety. A 20-character random password is astronomically harder to crack than a 10-character one, even if the shorter one has special characters. The real enemy is predictability — dictionary words, keyboard patterns, personal information, and repetition all reduce real strength.

What does "entropy" mean?

Entropy measures the unpredictability of a password, expressed in bits. Each additional bit roughly doubles the number of guesses an attacker would need.

As a rough guide: below 40 bits is weak, 60+ bits is strong, 80+ bits is considered effectively uncrackable with current hardware.

How is the randomness generated?

We use the browser's Web Crypto API (`crypto.getRandomValues`), which provides cryptographically secure random numbers sourced from your operating system's entropy pool. This is the same class of randomness used by SSL/TLS and modern password managers.

We never use `Math.random()` — it is fast but predictable and unsuitable for anything security-related.

Is my password safe? Where does it go?

The password is generated entirely inside your browser. Nothing is transmitted to our servers, nothing is logged, and nothing leaves your device. Once you close this page, any record of the password on our side is gone — because there never was one.

How often should I change my password?

Current security guidance (NIST, 2017 onwards) says: change only when there is a reason. Forced periodic changes actually make things worse — people pick weaker passwords so they can rotate them (Password1, Password2…).

Change your password if the service has been breached, if you suspect it is compromised, or if you have shared it.

Should I use a password manager?

Yes — absolutely. Nobody can memorise dozens of unique 16-character passwords, and you should not try. A password manager stores your encrypted passwords and fills them in automatically.

Free and open-source options include Bitwarden and KeePassXC. Any reputable manager is dramatically better than reusing passwords across sites.
