Password Generator — strong, random, with a live entropy meter
Generate a strong random password — or a memorable passphrase — and see exactly how much entropy it has. Crypto-secure (Web Crypto API), zero uploads, no signup, no ads. The strength meter follows NIST SP 800-63B so the bit counts match what a security audit would compute.
How it works
A truly random password's strength is fully captured by one number: its Shannon entropy, in bits. For a password of length L drawn uniformly from a pool of N symbols, the entropy is H = L × log2(N). Each bit doubles the number of guesses an attacker must try, so a 60-bit password takes 2⁶⁰ ≈ 1.15 quintillion guesses in the worst case.
The generator builds the pool from the character sets you enable: 26 lowercase + 26 uppercase + 10 digits + 24 printable symbols = 86 distinct characters at its maximum. Toggling “Exclude ambiguous characters” removes the ten glyphs that look identical in many fonts (0/O/o, 1/l/I, 5/S, 2/Z). With every set on and ambiguous characters left in, a 16-character password reaches roughly 102 bits of entropy — well past the 60-bit threshold security audits treat as “strong.”
Selection uses the browser's Web Crypto API (crypto.getRandomValues) — the same primitive that seeds TLS keys. Indexing into the pool uses rejection sampling: random bytes that fall outside an evenly-divisible cutoff are discarded so the modulo result is exactly uniform. Without that step you get modulo bias — some characters become slightly more likely than others, which an attacker can exploit to prune the search space.
When “Include at least one of each set” is on, the generator pre-places one character from every enabled class, then fills the remaining positions from the full pool and shuffles. This satisfies sites with policies like “must contain a digit and a symbol” without measurably reducing entropy at typical lengths.
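The selection steps described above (rejection sampling over Web Crypto bytes, one pre-placed character per enabled class, then a shuffle), written out as an added example that is not the tool's own source code. The function names, the injectable byte source and the exact 24-symbol set are assumptions.

```javascript
// Added example; identifiers and the symbol set are assumptions, not the tool's source.
const rng = globalThis.crypto ?? require('node:crypto').webcrypto;

const SETS = {
  lower: 'abcdefghijklmnopqrstuvwxyz',
  upper: 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
  digits: '0123456789',
  symbols: '!@#$%^&*()-_=+[]{};:,.?/', // 24 symbols (assumed set) -> pool of 86
};

// One byte from the CSPRNG; passed as a parameter so it can be replaced in tests.
const cryptoByte = () => rng.getRandomValues(new Uint8Array(1))[0];

// Uniform integer in [0, n) for 1 <= n <= 256, by rejection sampling.
function uniformIndex(n, nextByte = cryptoByte) {
  if (!Number.isInteger(n) || n < 1 || n > 256) throw new RangeError('n must be 1..256');
  const cutoff = 256 - (256 % n); // largest multiple of n that fits in one byte
  let b;
  do { b = nextByte(); } while (b >= cutoff); // discard the tail that causes modulo bias
  return b % n;
}

function generate(length, enabled = Object.keys(SETS), nextByte = cryptoByte) {
  const classes = enabled.map((k) => SETS[k]);
  const pool = classes.join('');
  if (length < classes.length) throw new RangeError('length shorter than class count');
  // Pre-place one character from every enabled class...
  const out = classes.map((c) => c[uniformIndex(c.length, nextByte)]);
  // ...fill the remaining positions from the full pool...
  while (out.length < length) out.push(pool[uniformIndex(pool.length, nextByte)]);
  // ...then Fisher-Yates shuffle so the pre-placed characters have no fixed position.
  for (let i = out.length - 1; i > 0; i--) {
    const j = uniformIndex(i + 1, nextByte);
    [out[i], out[j]] = [out[j], out[i]];
  }
  return out.join('');
}

// H = L × log2(N), valid for a uniform draw of L symbols from a pool of N.
const entropyBits = (length, poolSize) => length * Math.log2(poolSize);
```

With a pool of 86 the cutoff is 172, so bytes 172 to 255 are redrawn and each index is reached by exactly two byte values.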
Passphrase mode picks words one at a time from a hand-curated list of 256 short English words. Each pick contributes exactly 8 bits, so a 6-word phrase carries 48 bits of entropy and a 10-word phrase carries 80 bits. The appended digit option adds a further log₂(10) ≈ 3.32 bits. The list is a reduced derivative of the EFF Diceware short wordlist (CC-BY 3.0), trimmed to a power of two so per-word entropy is an integer.
The crack-time figures use two industry-standard reference rates: 10¹⁰ guesses per second for an offline fast-hash attack (a single modern consumer GPU against MD5- or NTLM-class hashes) and 100 guesses per second for a rate-limited online attack against a well-configured server. For slow-hash schemes like bcrypt or Argon2, the real-world offline rate is millions of times lower than 10¹⁰, so the displayed offline time is a conservative ceiling.
Sources & references
- MDN — Crypto.getRandomValues() (Web Crypto API)
- W3C — Web Cryptography API specification
- NIST SP 800-63B — Digital Identity Guidelines (memorized-secret strength)
- OWASP — Authentication Cheat Sheet
- EFF — Diceware passphrase wordlists (CC-BY 3.0)
- Kudelski Security — Definitive guide to modulo bias
The character sets, entropy formula, and crack-time references on this page were last cross-checked against the cited sources on 2026-05-11. The page is reviewed when NIST SP 800-63 or the Web Crypto API specification publishes a material change.