Initialising Workbench...
Generate strong random passwords, diceware passphrases, or memorable passwords with a mnemonic sentence — all created locally in your browser with the Web Crypto API.
…Every tool runs entirely in your browser. Nothing you type is uploaded, stored, or logged on our servers.
The Password Generator goes beyond the usual random string: pick classic random passwords with fine-grained character controls, diceware passphrases built from the EFF short wordlist, or a memorable password with a mnemonic sentence — a silly phrase like "My lazy Panda juggled 47 shiny Tacos!" whose initials become a strong, mixed-character password you can actually remember.
Strength is measured honestly: entropy in bits is computed from the real generation process, with a crack-time estimate for an offline GPU attacker. Everything runs client-side with the Web Crypto API (including unbiased rejection sampling) — no password ever leaves your browser.
Yes. Every password is generated entirely in your browser using the Web Crypto API (crypto.getRandomValues), a cryptographically secure random source. Nothing you generate is ever sent to, stored on, or logged by our servers — you can even disconnect from the internet and the tool keeps working.
The Memorable tab builds a short, vivid sentence like "My lazy Panda juggled 47 shiny Tacos!" and turns the first letter of each word (plus the number and symbol) into your password — MlPj47sT!. You memorize the silly sentence, which brains are very good at, and reconstruct the password from it whenever you need it.
A passphrase strings together random words from the EFF short wordlist of 1,296 words. Each word adds about 10.3 bits of entropy, so a 5-word passphrase (~52 bits) is comparable to a strong random password while being far easier to type and remember. Adding words scales strength quickly — 7 words exceeds 72 bits.
We compute real entropy in bits from the actual generation process — pool size and length for random passwords, wordlist size for passphrases, and word-bank sizes for mnemonics — rather than guessing from the characters in the result. The crack-time estimate assumes an offline attacker testing 10 billion guesses per second against a fast hash.
For important accounts, use at least 16 random characters or a 5-word passphrase (roughly 50+ bits of entropy). For anything protecting high-value data — password manager master passwords, disk encryption — aim for 80+ bits: about 20 random characters or 8 diceware words.
It removes look-alike characters such as 0/O, 1/l/I, and | from the pool. This slightly reduces entropy but makes passwords much easier to read out loud or type from paper — useful for Wi-Fi keys and passwords you share verbally.
No — reuse is the single biggest password risk, because one breached site exposes every account sharing that password. Generate a unique password per site and store them in a password manager; reserve the memorable mnemonic passwords for the few you must type from memory.