ToolsGiver

Developer

Password Generator

Cryptographically secure passwords. Random, passphrase, PIN and pronounceable. Entropy + breach check.

Generating…
Strong99.7 bits
⏱ Crack time: longer than the universe has existed🔣 Charset: 75 chars
Check against breach database (HIBP)

Options

16

Character Sets

Lowercase (a-z)

26 chars

Uppercase (A-Z)

26 chars

Numbers (0-9)

10 chars

Symbols

!@#$%...

Symbol Set

!@#$%^&*-_+=? · safe for most sites

Exclusions

Exclude look-alike characters

Removes 0 O o 1 l I i · prevents confusion

Exclude ambiguous symbols

Removes ( ) [ ] { } ' " , . ; : \ /

No repeated characters

Every character appears at most once

No sequential characters

Prevents abc, 123, qwerty runs

Bulk Generate

1

Increase count to generate multiple passwords at once (up to 20).

100% client-side. Passwords are generated using crypto.getRandomValues() · never Math.random(). Nothing is sent to any server.

Overview

What this tool does

A strong password is the single biggest factor in account security. This generator builds them using the browser's cryptographic random number generator (the same source modern OS-level password tools use), so each output is genuinely unpredictable. Four modes are included: random characters (mix of upper, lower, digits, symbols), passphrases (four to seven dictionary words joined by separators, easier to type and remember), PIN (digits only, for codes that need to be entered on a numeric pad), and pronounceable (consonant-vowel patterns that read like real words but aren't). Every generated password shows its bit entropy and an estimated crack time so you can pick a length that matches the risk. Useful for everyday account creation, for Wi-Fi codes, for shared team secrets that you'll store in a password manager.

How to

Use it in 3 steps

  1. Pick a mode: random characters, passphrase, PIN, or pronounceable.
  2. Adjust the length. Entropy and crack time update as you change it.
  3. For random characters, toggle which character classes are included (upper, lower, digits, symbols).
  4. Click generate. The password appears in the output field. Click again for a new one.
  5. Copy to clipboard, or paste it straight into the account creation form on the next page.

FAQ

Frequently asked questions

Is the password generated on your server?

No. The randomness comes from your browser's crypto.getRandomValues, which is backed by your operating system's secure RNG. The password is generated on your device and never transmitted.

How long should my password be?

For most accounts, 16 random characters or a 5-word passphrase is more than enough (~80+ bits of entropy, billions of years to crack at current hardware). For high-value accounts (banking, primary email, password manager master), go to 20+ characters or 6 words.

Why use a passphrase instead of random characters?

Passphrases are dramatically easier to type and remember while providing equivalent entropy if long enough. A 5-word passphrase is about as strong as a 15-character random password, and you can actually type it without a manager.

Should I check if my password has been breached?

Yes, before reusing one. The breach check uses the k-anonymity API from Have I Been Pwned: only the first 5 characters of the SHA-1 hash are sent, never the password itself. If the password appears in a known breach, regenerate.