Password & Passphrase Generator
Generate strong, truly random passwords and memorable passphrases — using your browser's cryptographic randomness (Web Crypto), never a server. Nothing is sent, stored, or logged.
Real randomness, measured honestly
Every password and passphrase here is drawn from your browser's cryptographically secure random generator (the Web Crypto API's getRandomValues) — the same class of randomness used for encryption keys, not the predictable Math.random that many web generators quietly rely on. We also use rejection sampling so every character or word is exactly equally likely, with no subtle bias.
What the strength meter means
The meter shows entropy in bits — the real measure of how hard something is to guess. It's not a guess about your password; it's exact maths from the choices made: for a random password, length × log₂(character-pool size); for a passphrase, the number of words × log₂(list size). More bits means exponentially more guessing. As a rough guide, under 40 bits is weak, 60 is solid for most accounts, and 80+ resists even a well-funded offline attacker trying billions of guesses a second.
Passwords vs passphrases
A random 16-character password and a five-word passphrase can be comparably strong — but the passphrase is far easier to read, remember, and type, which is why we built it. The words are drawn from the EFF long wordlist (7,776 common words, about 12.9 bits each), the recognised standard for “diceware” passphrases. For anyone who finds long random strings genuinely hard to handle — which includes many dyslexic and dyspraxic users — a passphrase is usually the better strong choice. Whichever you pick, a password manager means you never have to type it twice.
Privacy
Generation happens entirely on your device. Nothing is sent over the network, stored, or logged — the generated value exists only in this browser tab until you copy it or leave. A password you generate here is yours alone; we never see it, and neither does anyone else.