Password Generator
Generate cryptographically secure passwords. Everything runs in your browser using crypto.getRandomValues().
Why Use a Password Generator?
Humans are terrible at creating random passwords. We tend to use patterns, dictionary words, and predictable substitutions (@ for a, 3 for e) that attackers exploit. A cryptographic random generator produces truly unpredictable passwords that resist brute-force and dictionary attacks.
Password Entropy
Entropy measures password strength in bits. Each additional bit doubles the number of possible combinations. For reference:
- Below 40 bits — Weak. Can be cracked in seconds to minutes.
- 40-60 bits — Fair. Resists casual attacks but not dedicated ones.
- 60-80 bits — Strong. Suitable for most applications.
- 80+ bits — Very strong. Infeasible to brute-force with current technology.
Passwords vs Passphrases
Passphrases (like correct-horse-battery-staple) are easier to remember than random character strings while maintaining high entropy. This generator uses a curated 2,268-word list (~11.15 bits per word). A 5-word passphrase provides ~55 bits of entropy, while 8 words gives ~89 bits. For maximum security (128+ bits), use 12 words.
Unlike random passwords where strength comes from character diversity, passphrase security depends entirely on the number of words and the dictionary size. An attacker who knows your exact word list still needs to try all possible combinations — that is what makes passphrases secure.