Password Generator

What makes a password strong?

Password strength is measured by entropy — the number of possible combinations an attacker must try. Each additional character and character type multiplies the search space exponentially:

NIST password guidelines (SP 800-63B)

• Use at least 8 characters minimum — 15+ is strongly recommended for privileged accounts.
• Length matters more than complexity rules — a long random passphrase beats a short complex password.
• Never reuse passwords — use a password manager to store unique passwords for every service.
• Check passwords against known breach databases — services like Have I Been Pwned expose billions of leaked passwords.

Hashing passwords in code

// Never store passwords in plain text — always hash with bcrypt/argon2
// Node.js (bcrypt)
const bcrypt = require("bcrypt");
const hash = await bcrypt.hash(password, 12); // 12 = cost factor
const match = await bcrypt.compare(input, hash);

// Python (argon2-cffi — recommended)
from argon2 import PasswordHasher
ph = PasswordHasher()
hash = ph.hash(password)
ph.verify(hash, input)  # raises if mismatch

How secure are the generated passwords?

Passwords are generated using crypto.getRandomValues(), the same cryptographic API used by browsers for TLS encryption. No patterns, no pseudo-random tricks — true cryptographic randomness.

Is my password sent to any server?

No. Everything happens in your browser. No passwords are transmitted, stored, or logged anywhere. Your device generates the password locally.

What makes a strong password?

A strong password is long (16+ characters), uses all character types (uppercase, lowercase, numbers, symbols), and is randomly generated — not based on dictionary words or patterns.

Can I generate multiple passwords at once?

Yes. Use the bulk generation option to create 1, 5, or 10 passwords simultaneously. All can be copied individually or as a batch.