Passwords & Secrets
Generate and evaluate passwords, passphrases, PINs and other secrets — all created locally in your browser with cryptographically secure randomness.
- Passphrase Generator Generate memorable diceware passphrases from the EFF long wordlist, locally in your browser. Pick 3-10 random words and see the exact entropy and crack time.
- Password Generator Generate strong random passwords in your browser with a cryptographically secure generator. Choose length and character sets, see the entropy, copy in one click.
- Password Strength Checker Rate any password with zxcvbn pattern analysis — a 0–4 score, realistic crack-time estimates and concrete fixes, computed entirely in your browser.
- PIN Generator Generate random PIN codes of 4 to 12 digits locally in your browser. Optional filters reject repeats and sequences, and the exact entropy cost is shown.
- Username Generator Generate random username ideas in your browser: seed an optional keyword, pick a style — adjective+noun, numbers, leetspeak or two words — and click to copy.
Picking the right generator here comes down to where the secret will live. For an account your password manager stores and fills for you, the Password Generator produces long mixed-charset strings — a 20-character password drawn from the 94 printable ASCII symbols carries roughly 131 bits of entropy (log₂(94²⁰)), far beyond what anyone brute-forces. When you have to type or remember the secret yourself, reach for the Passphrase Generator instead: five words from the EFF long wordlist give about 64.6 bits (5 × 12.9) and are much easier to recall than a tangle of symbols. If you already have a password and want to know how it holds up, paste it into the Password Strength Checker, which estimates crack time from its actual composition rather than counting whether it happens to include a capital letter.
For a phone lock, a bank card or a door code, the PIN Generator draws digits from the same cryptographically secure source — a random 6-digit PIN is worth about 20 bits, which only survives real-world attacks because devices rate-limit guesses. And when a signup form wants a handle rather than your real name, the Username Generator builds pronounceable, unclaimed-looking options.
Every secret on these pages is generated with crypto.getRandomValues() and never leaves the tab — nothing is logged, transmitted or stored. If you want the arithmetic behind the strength numbers, the password entropy guide works through the log₂ maths, and the diceware passphrases guide explains why four or five random words beat a mangled dictionary word.