Create strong, random passwords right in your browser. Nothing is sent anywhere or stored — every password is generated locally with cryptographic randomness.
Strength comes from entropy — the number of equally likely possibilities an attacker must try. Entropy grows with length and character variety: each character drawn from a 94-symbol set adds about 6.6 bits. A random 16-character mixed password has ~105 bits of entropy; at a trillion guesses per second, cracking it would take longer than the age of the universe.
Yes. Passwords are produced by crypto.getRandomValues(), the same cryptographically secure random source browsers use for encryption — not the predictable Math.random(). Generation happens entirely on your device: the password never travels over the network, is never logged, and disappears when you leave the page.
Yes. Passwords are generated entirely in your browser using the cryptographically secure Web Crypto API. Nothing is sent to or stored on any server.
At least 16 characters for important accounts. Each extra character multiplies the time needed to crack it — a random 16-character password with mixed character types would take centuries to brute-force.
Yes. Reused passwords mean one data breach exposes all your accounts. Use a password manager to generate and store a unique password per site.
It removes characters that are easy to confuse when reading or typing a password manually: lowercase l, the digit 1, uppercase I, uppercase O, and zero. Use it for passwords you'll ever need to type by hand or read over the phone.