mytoolstash / security tools / password-generator

$ openssl rand

Password Generator

Generate strong random passwords locally with the browser's secure random source. Click the password to copy it.

How strong is strong?

Strength is measured in entropy bits: log₂ of the number of possible passwords. A 20-character password using all four character sets has around 130 bits — far beyond what any current hardware can brute-force. For most accounts, 16+ characters with mixed sets is more than enough; the bigger risks are reuse and phishing, not brute force.

Generated locally

Passwords are produced with crypto.getRandomValues(), the browser's cryptographically secure generator, using rejection sampling to avoid modulo bias. Nothing is transmitted or stored — once you leave this page the password exists only where you pasted it.

Better than a password: a manager

A generator pairs best with a password manager. Generate once, store it in the manager, and never memorize or reuse it. Reserve memorized passwords for the manager itself and your primary email.