Generate cryptographically strong, random passwords. Customise length and character sets. Nothing is ever sent to a server.
| Password type | Entropy | Time to crack (modern GPU) |
|---|---|---|
| 8 chars, letters only | ~38 bits | Seconds |
| 8 chars, mixed + numbers | ~48 bits | Minutes to hours |
| 12 chars, all types | ~79 bits | Centuries |
| 16 chars, all types | ~105 bits | Longer than the universe |
window.crypto.getRandomValues() — the Web Cryptography API built into every modern browser. This is a cryptographically secure pseudo-random number generator (CSPRNG) seeded by the operating system's entropy pool. It's the same quality of randomness used to generate SSL certificates and encryption keys. It's significantly more secure than Math.random(), which should never be used for security-sensitive tasks.