🎲 Password & Passphrase Generator
Cryptographically secure — CSPRNG runs 100% in your browser. Nothing is sent anywhere.
Why Your Password Strategy Is Probably Broken (And How to Fix It)
Most people pick passwords the same way: start with something memorable, add a capital letter at the front, swap a letter for a number, tack on an exclamation mark at the end. P@ssw0rd! feels secure. It has uppercase, lowercase, digits, and symbols — the classic four-checkbox pass. But a modern GPU can crack that specific pattern in under a second, because attackers don't try random characters. They try patterns. They know humans capitalize first letters, substitute "a" with "@", and end with punctuation. That entire category of passwords is effectively precomputed.
This is why the source of randomness matters as much as the complexity rules.
CSPRNG: The Only Randomness That Counts
Your browser exposes crypto.getRandomValues(), which feeds from the operating system's cryptographically secure pseudorandom number generator (CSPRNG). On macOS, that's the Secure Enclave and /dev/random. On Windows, it's CNG (Cryptography Next Generation). On Linux, it draws from the kernel entropy pool seeded by hardware events. Every bit it produces is statistically indistinguishable from true randomness and is completely unpredictable to an attacker.
The generator above uses this exclusively — no Math.random(), which is seeded deterministically and designed for speed, not security. The difference is enormous. Math.random()'s output can be reconstructed from a handful of observed values. A CSPRNG's output cannot be reverse-engineered even given the entire previous output stream.
Password Mode: How Much Entropy Do You Actually Need?
Entropy, measured in bits, tells you how many guesses it would take to crack a credential by brute force. Each bit doubles the search space. A 40-bit password needs roughly a trillion guesses. That sounds like a lot until you realise a modern password-cracking rig using GPU clusters can attempt hundreds of billions of guesses per second against offline-leaked hashes.
The practical benchmarks:
- Below 50 bits — Crackable offline in hours to days. Avoid for anything that matters.
- 60–70 bits — Comfortable for online accounts where rate limiting applies. A 12-character password with all four character classes lands here.
- 80+ bits — Strong enough that even offline GPU cracking is infeasible for years. A 16-character fully mixed password delivers around 104 bits.
- 100+ bits — Considered overkill for most uses, but appropriate for master passwords protecting vaults full of other credentials.
A 20-character password using uppercase, lowercase, digits, and symbols from an 88-character set delivers about 130 bits of entropy. That's the default in this tool — strong enough that the heat death of the universe arrives before exhaustive search does.
The Ambiguous Character Problem
One underrated option is excluding visually ambiguous characters: the letter O and digit 0, uppercase I and lowercase l and digit 1. If you ever need to read a generated password aloud, type it on a device without paste support, or write it on paper, these characters cause real errors. The tool's "exclude ambiguous" checkbox removes them without meaningfully reducing entropy at reasonable lengths — the character set shrinks from 95 to about 86, costing you roughly 0.15 bits per character. For a 20-character password, that's less than 3 bits total. Completely acceptable.
Passphrase Mode: The Correct-Horse-Battery-Staple Approach
The famous xkcd comic from 2011 introduced a genuine insight: four random common words produce more entropy than a mangled short password, and they're far easier to remember. "correct horse battery staple" has about 44 bits from a 2048-word list. From a 7776-word EFF diceware list, four words gives 51 bits. Five words gives 64 bits. Six words gives 77 bits.
The key word is random. If you choose words yourself — even if you try to be random — you introduce human bias. You'll gravitate toward words you know well, avoid uncommon ones, and unconsciously create patterns. A CSPRNG has no such preferences. Every word in the list is equally likely on every draw.
The tool's wordlist contains 300 carefully chosen words, giving approximately 8.2 bits per word. Five words yields about 41 bits — perfectly respectable for sites with rate limiting and two-factor authentication. For a master vault password, use 7–8 words (57–66 bits) and add a number suffix.
Separators Matter More Than You'd Think
Using a hyphen between words doesn't reduce entropy if your separator choice is itself random. But it dramatically improves readability and typing accuracy. The real question is what your target system accepts. Some legacy systems truncate at spaces; others reject hyphens in passwords. The tool offers six separator options for this reason.
Capitalising the first letter of a word gives you roughly 1 extra bit per word, provided the decision is itself a CSPRNG coin flip for each word (a 1 in 2 chance that any given word is capitalised rather than not). Modest, but it also satisfies the "must contain uppercase" rule that many sites enforce without forcing you to contort your passphrase into something unreadable.
The Rejection Sampling Trick
One subtle correctness detail: naive modulo operations on CSPRNG output introduce statistical bias. If your charset has 95 characters and your raw random integer is drawn from 0–4,294,967,295 (a 32-bit space), then 4,294,967,296 divided by 95 leaves a remainder. The characters corresponding to that remainder get picked slightly more often. Over millions of passwords this becomes measurable.
The generator uses rejection sampling: it discards any random value that falls in the biased remainder range and draws again. Because the remainder is tiny relative to the 32-bit range, this almost never requires more than one retry. The result is perfectly uniform character selection.
What This Tool Does Not Do
It does not store, log, transmit, or remember any generated password. The entire computation happens in your browser's JavaScript engine. Closing the tab discards everything. There is no analytics, no server ping, no network request of any kind during generation. You can disconnect from the internet and it will work identically.
It also does not auto-fill or integrate with any site. Its job is generation only. Paste the result into your password manager — which should be the only place your raw credentials live.
Quick Recommendations by Use Case
- Master password for a password manager — 7-word passphrase, capitalised, hyphen separator, number suffix. Memorable and unbreakable.
- Site logins stored in your manager — 20-character random password, all four character classes. You'll never type it manually, so readability is irrelevant.
- Wi-Fi password (shared verbally) — 5-word passphrase, no separator or space, so it reads naturally. Exclude number suffix if people will type it on phones.
- PIN or numeric-only field — Use the digits-only password mode with length 8–12. Never use birthdates, postal codes, or repeated digits.
- Two-factor backup codes — These come from the service, not from you. Store them in your password manager alongside the account.
The common thread: let the CSPRNG decide, set the length generously, and use a password manager so you only have to remember one strong master credential. Everything else should be machine-generated and machine-recalled.