Generate strong passwords using crypto.getRandomValues(). 100% private: runs entirely in your browser.
Yes. This generator uses the crypto.getRandomValues() API, the same cryptographically secure random number generator used by browsers for TLS. Passwords are generated locally in your browser and never transmitted anywhere.
NIST recommends at least 12 characters for most accounts. For sensitive accounts (banking, email, SSH keys), use 20+ characters. With all character types enabled, a 16-character password has ~98 bits of entropy, effectively uncrackable with current technology.
Entropy measures how unpredictable a password is, in bits. Each bit doubles the search space. A password with 60 bits requires 2^60 guesses to crack by brute force. Entropy = log₂(charset_size) × length. With 94 printable ASCII characters and a length of 16 characters: log₂(94) × 16 ≈ 104 bits.
Passphrases (e.g. correct-horse-battery-staple) can be as secure as random passwords and are easier to remember. A 5-word passphrase from a 7,776-word dictionary has ~64 bits of entropy. Use passphrases for master passwords you need to memorize; use random passwords for everything else stored in a manager.