Toolkura
πŸ‡―πŸ‡΅ζ—₯本θͺž

Password Generator

Secure password generator with entropy display and exclude-character support.

Runs entirely in your browser β€” no data is sent to any server
16
464

Character Set

Count

How to Use the Password Generator & Password Security Basics

This tool is a secure password generator that runs entirely in your browser. It uses the Web Crypto API's cryptographically secure pseudo-random number generator (CSPRNG) to generate passwords β€” the same API used by cryptographic libraries in modern browsers and recommended by NIST for random number generation. Generated passwords are never sent to any server. Two modes are available β€” Random Password and Passphrase β€” so you can choose the style that best fits the requirements of the service you are registering for.

Entropy and Password Strength

Entropy measures how unpredictable a password is, expressed in bits. The formula is: character count Γ— log2(pool size). For example, a 16-character password using all four character types (about 94 characters) yields approximately 104.8 bits of entropy β€” making brute-force attacks practically impossible with modern hardware. As a general guideline, 80+ bits is considered strong and 100+ bits very strong.

What Is a Passphrase?

A passphrase combines multiple random words into a single credential β€” for example, 'correct-horse-battery-staple'. This approach, championed by the EFF (Electronic Frontier Foundation), produces passwords that are both memorable and secure. Four or more words from a sufficiently large word list provide strong entropy. Passphrases are especially useful when you need something a person can actually memorize, or when special characters are not required.

Exclude Characters Feature

The exclude field lets you remove visually ambiguous characters like 'Il1O0' from the character pool. This is particularly helpful when a password needs to be printed, read aloud over a phone call, or transcribed by hand β€” for example, when setting up a router admin password or activating a new device. Entropy is recalculated in real time based on the actual pool size after exclusions, so the strength meter always reflects the true security of the generated password. You can also exclude characters that are rejected by a specific website or application (some services prohibit symbols like < > or &).