All passwords are generated using crypto.getRandomValues() — the browser's cryptographically secure random number generator. Nothing is ever transmitted to a server.
Frequently Asked Questions
Is this password generator secure?
Yes. crypto.getRandomValues() uses the OS-level CSPRNG (e.g. /dev/urandom on Linux, BCryptGenRandom on Windows). It is suitable for generating cryptographic keys, not just passwords.
What makes a strong password?
Length is the single most important factor. A 20-character password with mixed character sets has about 120 bits of entropy — effectively uncrackable with current technology. Use at least 16 characters for important accounts.
Should I use a password manager?
Yes. Generate a unique random password for every account and store them in a password manager such as Bitwarden, 1Password, or KeePassXC. Never reuse passwords.
How is password strength calculated?
Strength is based on password length and the number of character classes used. Weak: short or single class. Fair: medium length or 2 classes. Strong: 16+ chars or 3 classes. Very Strong: 20+ chars with all classes.
Related Tools