Password Generator
Generate strong passwords with strength meter. Uses crypto.getRandomValues (cryptographically secure). Up to 128 chars, optional easy-to-type mode.
- 100% local · no upload
Frequently asked questions
How is randomness generated?
Uses crypto.getRandomValues() — the browser's cryptographic RNG. Not Math.random(), which is predictable. Also uses rejection sampling to avoid modulo bias.
What does the strength meter measure?
Shannon entropy in bits + 6 heuristic penalties: top-100 worst passwords, sequential patterns (123, abc, qwerty), character repetition, all-digit/all-letter, length penalty, common variations.
How long should my password be?
Minimum 12 chars for low-stakes. 16+ for important accounts. 20+ for crypto/banking. Length matters more than complexity above 12 chars.
Is "easy to type" less secure?
Slightly — removing similar chars (O/0, I/l/1, |) reduces alphabet size by ~5%. Trade-off: better usability, ~2 bits less entropy. Worth it for daily-use passwords.
Should I store generated passwords?
Yes — in a password manager (Bitwarden, 1Password, KeePass). Don't reuse passwords across sites. The same long password used twice is a single point of failure.