Question 1

Is this safe to use for real passwords?

Accepted Answer

Yes. This generator uses the Web Crypto API (crypto.getRandomValues) for cryptographically secure random values. Suitable for account passwords, API keys, and other secrets you store in a password manager. All generation happens in your browser — no password is ever sent to a server.

Question 2

How is password strength calculated?

Accepted Answer

Strength is estimated using Shannon entropy: log₂(charsetSize) × length. A charset of uppercase + lowercase + numbers + symbols gives ~95 possible characters. At 16 characters that is ~105 bits of entropy — rated Very Strong. Shorter passwords or restricted charsets score lower.

Question 3

Are my passwords stored or logged?

Accepted Answer

No. All generation happens entirely in your browser. No password is sent to any server, logged, or stored anywhere. You can disconnect from the internet and the generator still works.

Question 4

What length should I use?

Accepted Answer

For most online accounts: 16–20 characters with all character sets enabled. For service credentials and API keys: 32+ characters. Anything over 80 bits of entropy (roughly 13 characters with all sets) is considered strong by current standards.

Password Generator

How it works

Account security

Developer secrets

Test credentials

Temporary access

Related generators

UUID Generator

Fake String Generator

FAQ