Question 1

Are these passwords actually random?

Accepted Answer

Yes. We use window.crypto.getRandomValues — the browser's cryptographically secure random number generator — and reject out-of-range bytes to avoid modulo bias. Math.random would be predictable and is not used anywhere in this tool. Nothing is sent over the network; generation happens entirely in your browser.

Question 2

What is password entropy and why does it matter?

Accepted Answer

Entropy (measured in bits) tells you how hard a password is to guess. Each bit doubles the search space. A 20-character password with 70 distinct possible characters has about log2(70) × 20 ≈ 122 bits — well past what any current cracker can brute-force. The strength label below your password is based on these thresholds: <40 weak, 40-60 fair, 60-80 good, 80-100 strong, 100+ excellent.

Question 3

Should I exclude ambiguous characters?

Accepted Answer

It depends. If you'll be reading the password out loud or copying it by hand, exclude 0/O/l/1/I — they're the usual confusing pairs. If you'll only ever paste it from a password manager, leave the option off so you get the most entropy per character.

Free Password Generator — Cryptographically Strong, in Your Browser

Options

How this works

Want a "set it up once" digital-life pack?