Generate cryptographically secure passwords and passphrases using the browser's Web Crypto API. Nothing is sent to a server.
Click Generate to create a password
Share this tool
Found it useful? Help a fellow developer discover it.
Random password
A string of random characters from your chosen sets (upper, lower, digits, symbols). Hard for computers to guess, but hard for humans to remember. Best stored in a password manager.
k#9Xm$vL2qRpN7@sPassphrase
A sequence of random words separated by a delimiter. Easier to remember and type than a character password, while still providing strong entropy. Based on the EFF wordlist concept.
Marble-Cricket-Sunset-42| Rating | Approximate entropy | Suitable for |
|---|---|---|
| Weak | < 40 bits | Not recommended for any account |
| Fair | 40–60 bits | Low-value accounts with mandatory rotation |
| Strong | 60–80 bits | Most accounts, email, social media |
| Very strong | > 80 bits | Financial accounts, master passwords, API keys |
For character passwords, 16 characters is a strong minimum for most accounts. For anything protecting sensitive data such as email, financial accounts, or a password manager master password, use 20 or more characters. For passphrases, five or more random words provide equivalent strength and are far easier to remember.
A five-word passphrase from a large wordlist provides roughly 60 bits of entropy, comparable to a 12-character random password using uppercase, lowercase, digits, and symbols. Passphrases are easier to type and remember without sacrificing meaningful security. Use a random character password for accounts where you always copy-paste from a password manager.
Yes. This tool generates strong passwords, but storing them safely is equally important. A password manager such as Bitwarden, 1Password, or KeePass lets you use a unique high-entropy password for every account without memorising any of them. The generator produces passwords that are deliberately too complex to memorise, which is exactly what a manager is designed to handle.
Yes. Passwords are generated using crypto.getRandomValues(), the browser's cryptographically secure pseudo-random number generator (CSPRNG). It is the same entropy source used by TLS and other security-critical browser operations. The generator never uses Math.random(), which is not cryptographically secure.
No. The generator runs entirely in your browser. Passwords are created in memory, displayed on screen, and discarded. Nothing is logged, stored, or transmitted. You can disconnect from the internet and the generator will still work.
This removes characters that look similar in many fonts: 0 (zero) and O (capital oh), l (lowercase L) and I (capital i), and 1 (one). Enable this when you need to read or type the password manually and want to avoid transcription errors.
Four words from a 512-word list give approximately 36 bits of entropy, while six words give approximately 54 bits. For a master password or anything protecting sensitive data, use at least 5 words plus a digit. For less critical accounts, 4 words with a separator is sufficient and much easier to remember than a character password.
The Electronic Frontier Foundation published curated wordlists specifically designed for generating memorable passphrases. Words are chosen to be common, unambiguous, and clearly distinct from each other. This tool uses a curated subset of common English words following the same principles.
Hash Generator
Generate MD5, SHA-1, SHA-256, and SHA-512 hashes from any string.
UUID / ULID Generator
Generate RFC-4122 UUIDs (v1, v4, v5) and ULIDs instantly.
JWT Generator & Verifier
Generate and verify JWT tokens with HS256 or RS256 signing.
MCP Config Builder
Build MCP server configs for Claude Desktop and Claude Code visually. Add presets, set env vars, copy JSON instantly.