Password Generator & Strength Analyzer
Generate cryptographically secure passwords, memorable passphrases, and PINs with real-time strength analysis and time-to-crack estimates. 100% client-side — your passwords never leave your browser.
Settings
🔒 Privacy: All password generation and analysis happens locally in your browser using the Web Crypto API. Your passwords never leave your device.
Features
Cryptographic Random Generation
Uses the Web Crypto API (crypto.getRandomValues) for hardware-accelerated, cryptographically secure randomness
Memorable Passphrases
Generate Diceware-style passphrases using the EFF word list for passwords that are secure yet easy to remember
Real-time Strength Analysis
Powered by Dropbox's zxcvbn library — detects patterns, dictionary words, keyboard sequences, and l33t substitutions
Time-to-Crack Estimates
Human-readable crack time estimates showing how long your password would resist offline brute-force attacks
Bulk Generation & Export
Generate up to 50 passwords at once with individual strength scores, export as CSV, JSON, or plain text
100% Client-Side Privacy
Zero network requests during operation — all generation, analysis, and export happens entirely in your browser
Frequently Asked Questions
How is password strength measured?
This tool uses zxcvbn, Dropbox's open-source password strength estimator. Unlike simple rule-based checkers, zxcvbn detects common patterns including dictionary words, keyboard sequences (qwerty), dates, repeated characters, and l33t substitutions. It calculates actual entropy and provides realistic crack time estimates.
Should I use a random password or a passphrase?
Random passwords offer the highest entropy per character and are ideal for accounts protected by a password manager. Passphrases (e.g., 'Correct-Horse-Battery-Staple') are easier to remember and type, making them better for master passwords or systems where you need to enter the password manually. A 4-word passphrase provides roughly 51 bits of entropy.
Is this tool secure?
Yes. All password generation uses the Web Crypto API (crypto.getRandomValues), which provides cryptographically secure random numbers backed by your operating system's entropy source. No passwords, settings, or analysis results are ever transmitted over the network. You can verify this by checking your browser's Network tab.
Can I use this tool offline?
Yes, once the page is loaded, the password generator works completely offline. The strength analysis library (zxcvbn) is loaded on first use and cached by your browser. No internet connection is required for generating, analyzing, or exporting passwords.
What does 'Exclude ambiguous characters' do?
This option removes visually similar characters from generated passwords: 0 (zero) and O (letter O), l (lowercase L), 1 (one), and I (uppercase i). This is useful when passwords need to be read aloud, typed from paper, or used in contexts where font rendering makes these characters indistinguishable.
Related Password Generator & Strength Analyzer Articles
Discover more insights about password generator & strength analyzer and related development topics