Password Generator
Generate strong, random passwords using the browser's Web Crypto API. Configurable length, character classes, exclude-similar and exclude-ambiguous filters, and a live entropy + crack-time estimator.
Features
- Web Crypto API random source with rejection sampling
- Configurable length (4-256) and character classes
- Exclude similar and ambiguous characters
- Live entropy + estimated crack time
- Require at least one of each selected class
Frequently Asked Questions
- Are the passwords cryptographically secure?
- Yes. All randomness comes from the browser's Web Crypto API (crypto.getRandomValues) using rejection sampling to eliminate modulo bias. Nothing is sent to any server.
- What does the strength meter mean?
- Strength is estimated from entropy = length × log2(charset size). Bands: <28 bits Very Weak, 28–48 Weak, 48–72 Fair, 72–96 Strong, 96+ Very Strong.
- Should I exclude similar or ambiguous characters?
- Excluding similar chars (i l 1 o 0) helps users read passwords aloud. Excluding ambiguous chars (brackets/quotes) avoids shell-escaping issues. Both slightly reduce entropy.