🔑 Generate Tools

Free online password and security generate tools.

All Generate Tools

Password Generator Generate secure random passwords with customizable length, uppercase, lowercase,... Passphrase Generator Generate memorable passphrases using random words. Easy to remember, hard to cra... PIN Generator Generate secure random PIN codes of any length. Perfect for numeric passwords.... API Key Generator Generate random API keys in various formats. Secure, random, and ready to use.... Memorable Password Generator Generate passwords that are both secure and easy to remember using patterns....

How Secure Passwords Are Generated

A cryptographically secure password generator uses a cryptographic random number generator (CSPRNG), not a simple pseudorandom number generator (PRNG). Standard PRNGs like Math.random() in JavaScript are predictable given knowledge of the seed — an attacker who knows when a password was generated could narrow the search space dramatically. CSPRNGs (like window.crypto.getRandomValues() in browsers, or /dev/urandom on Linux) derive randomness from hardware entropy sources and produce output that is computationally infeasible to predict. All passwords generated by this tool use the browser's built-in CSPRNG, so your passwords are never sent to any server and are generated entirely in your browser.

Password Entropy and Character Sets

Password entropy is measured in bits: entropy = log₂(character_set_size^length) = length × log₂(character_set_size). A 12-character password using only lowercase letters (26 characters) has 12 × log₂(26) ≈ 56.4 bits of entropy. Adding uppercase (52 chars): 12 × log₂(52) ≈ 67.6 bits. Adding digits (62 chars): 12 × log₂(62) ≈ 71.5 bits. Adding symbols (94 printable ASCII characters): 12 × log₂(94) ≈ 78.7 bits. NIST guidelines recommend a minimum of 80 bits of entropy for high-security applications. Modern password cracking hardware can test billions of hashes per second — a 56-bit entropy password can be broken in hours; a 78-bit entropy password would take millions of years.

Passphrases: Memorable and Secure

A passphrase is a sequence of random words rather than random characters. The Diceware method selects words from a list of 7,776 words (6⁵) using five dice rolls per word. A 6-word Diceware passphrase has entropy of 6 × log₂(7776) ≈ 77.5 bits — comparable to a complex 12-character random password, but far easier to remember. "correct-horse-battery-staple" (from the famous XKCD comic) illustrates the concept. NIST SP 800-63B (2017) now recommends passphrases over complex short passwords because they are both more secure and more memorizable. The key requirement is that words must be chosen randomly — predictable phrases like song lyrics or quotations have much lower effective entropy.

PIN and API Key Generation

Numeric PINs have much lower entropy than mixed-character passwords due to the small character set (10 digits). A 4-digit PIN has log₂(10⁴) ≈ 13.3 bits of entropy — very low, but acceptable when protected by lockout policies after 3–5 failed attempts. A 6-digit PIN (used by most modern smartphones) has 19.9 bits. API keys are typically 32–64 characters of hexadecimal or base62 characters, providing 128–192+ bits of entropy. They are designed for machine-to-machine authentication where memorability is irrelevant. Best practice for API keys is to store only a hashed version server-side (like bcrypt) and to provide the plaintext key only once at generation time, requiring regeneration if lost.