Password Generator

Generate secure passwords, passphrases, and PINs — analyze strength, bulk generate, and customize every detail. 100% client-side, nothing stored.

None
0 bitscrack: instant
16
4128

About this Password Generator

This free password generator uses the Web Crypto API (crypto.getRandomValues) — cryptographically secure randomness that is impossible to predict, unlike Math.random(). Every password is generated entirely in your browser. Nothing is transmitted, logged, or stored — not even temporarily.

Features

  • Single password generator — Length 4–128, uppercase, lowercase, numbers, symbols, ambiguous/similar char exclusions, custom charset.
  • Quick presets — Master password, WiFi, Banking, API key, Mobile-friendly, Dev/SSH — one click to configure.
  • Bulk generator — Generate 5–100 passwords at once, copy all, or download as a .txt file.
  • Passphrase generator — Word-based passwords (correct horse battery staple style), 3–10 words, custom separators, capitalize, append numbers/symbols.
  • PIN generator — 4–20 digit numeric PINs, generate multiple at once.
  • Password analyzer — Paste any password to see entropy in bits, estimated crack time (at 1 trillion guesses/sec), character composition, and specific security warnings.
  • Strength meter — Live 4-segment bar with Flesch-style score, entropy bits, and crack time for every generated password.
  • History — Last 15 generated passwords, in-session only, clearable.

Frequently asked questions

Is this password generator truly random and secure?

Yes. It uses crypto.getRandomValues(), the same cryptographically secure API used by browsers for TLS. It is seeded by the operating system's entropy source and is not predictable, unlike JavaScript's Math.random().

Are my passwords stored or sent to a server?

No. All generation happens client-side in your browser. No password ever leaves your device. The history shown is stored only in React state and is wiped when you close or refresh the tab.

How long should my password be?

For most accounts: 16+ characters. For a master password (password manager): 20+ characters with symbols. For passphrases: 4+ words. NIST 2024 guidelines recommend length over complexity.

What does entropy mean?

Entropy measures unpredictability in bits. Each bit doubles the number of guesses needed to crack a password. 40 bits ≈ fair, 60 bits ≈ good, 80+ bits ≈ very strong against even nation-state attacks. It is calculated as log₂(pool_size ^ length).

What is a passphrase and why use one?

A passphrase is a sequence of random dictionary words (e.g., "Marble-Forest-Zephyr-Knight42"). They are easier to memorize, faster to type, and can achieve high entropy with fewer characters than random passwords. A 4-word passphrase has approximately 48–52 bits of entropy.

What are ambiguous characters and why exclude them?

Characters like I (capital i), l (lowercase L), 1 (one), O (capital o), and 0 (zero) look nearly identical in many fonts. Excluding them avoids transcription errors when typing passwords manually.

What is the crack time based on?

Crack time is estimated assuming an attacker can attempt 1 trillion (10¹²) guesses per second — a realistic rate for high-end GPU clusters used in offline attacks. Online attacks are much slower, but offline attacks on leaked hashes can be extremely fast.