Toolisk LogoToolisk
🔒

Password Generator

Strong random passwords or memorable passphrases — generated locally with Web Crypto, never logged.

Generated password

Very weak~0 bits of entropy

Options

About this tool

A privacy-respecting password generator that creates either character-random passwords or human-memorable passphrases. Built with the Web Crypto API, so randomness is cryptographically strong. Live entropy meter shows the resistance to brute force attacks.

🎲Random character mode (length 8–64)
🗝️Passphrase mode (3–10 words)
🛡️Cryptographically secure (Web Crypto)
📈Live entropy + strength meter
🚫Optional ambiguous-character filter
🔒Nothing leaves your browser

How to use it

Quick steps to get the most out of this utility.

  1. 1

    Pick a mode

    Random characters (most secure per character) or passphrase (easier to memorize).

  2. 2

    Adjust length

    20+ characters or 5+ words is a sane default. The strength meter updates as you change settings.

  3. 3

    Toggle character classes

    Lowercase, uppercase, digits, symbols. Each class adds entropy.

  4. 4

    Regenerate until you like it

    Click regenerate to roll a new password without leaving the page.

  5. 5

    Save it in a password manager

    Copy the password into 1Password, Bitwarden, KeePass, or any vault. Don't save it as a sticky note.

What makes a password strong

Password strength is purely a function of entropy (unpredictability). The two ingredients arelength and the size of the character pool you sample from. A 12-character password with full character classes has roughly 78 bits of entropy. Add four more characters and you cross 100 bits — the practical limit of what determined offline attackers can crack.

When to use passphrases

The one password you must remember (your password manager master) should be a passphrase — five or six random words from a large word list. You'll type it daily, so memorability matters; randomness from EFF-style word lists still gives 60+ bits of entropy.

Frequently asked questions

Is the password generator secure?+

Yes. It uses crypto.getRandomValues, the browser's cryptographically secure random number generator. No password is ever transmitted, logged, or stored.

How long should my password be?+

For most accounts, 16+ characters with mixed case, digits, and symbols gives you 95+ bits of entropy — far more than offline cracking can break in a human lifetime. For high-value accounts (email, banking, password manager master), use 20+.

Random password vs passphrase — which is better?+

Random characters give the highest entropy per character but are unmemorable. Passphrases (4–6 random words) are easier to type and remember, with comparable strength when you use enough words. Use passphrases for things you must memorize (master password, OS login); use random strings for everything stored in your password manager.

What does "entropy" mean?+

Entropy measures how unpredictable the password is. 70 bits resists most online attacks; 90+ bits resists offline cracking even with specialized hardware; 128+ bits is overkill but cheap to use.

Keep exploring

More utilities and reading from Toolisk.