Issue
Sign In
StepCodex FeaturedStepCodex Reviews
Notion Docs

Generate secure random passwords. Free online tool, no login, no sign-up.

LocalPersonal data security

Loading Tool Engine

Usage Guide & Tech FAQ

Usage Guide

  1. Read the target system’s policy: min length, required character classes, forbidden symbols.
  2. Set length and charset in the UI; beyond policy, widen the alphabet to grow entropy.
  3. Generate a few candidates; pick sets without ambiguous glyphs (0/O, 1/l) when humans must read them.
  4. Copy straight into a password manager—avoid leaving secrets in chat or email drafts.
  5. For memorable secrets, use long passphrases if the tool supports them.
  6. On rotation, don’t append a digit to the old password—generate a fresh random secret.
  7. Shared accounts should use SSO/per-user creds—not one memorized password for everyone.
  8. Label generated test credentials with environment (dev/stage) to avoid prod accidents.
  9. If handwriting passwords, avoid confusable characters and read them back twice.
  10. Lock your screen; don’t leave generator output visible when away.
  11. Read the title and description first to confirm this utility matches your task (avoid using the wrong tool and misinterpreting output).
  12. Paste or type input in the editor; if a sample/template is provided, load it first to learn the expected output shape.

Related Tech Knowledge

  • Strength comes from length and alphabet size—entropy grows roughly with `log2(alphabet^length)` under uniform draws.
  • Use `crypto.getRandomValues` (or equivalent)—`Math.random` is not acceptable for secrets.
  • Rules like “must include a symbol” shrink the keyspace slightly but long passwords compensate.
  • Human-friendly patterns trade entropy for memorability—keep passphrases long if you choose words.
  • Generators can’t stop keyloggers or malicious extensions—use hardware tokens in high-risk environments.
  • Generated passwords must still meet site minimums or they’ll be rejected at signup.
  • Each generation should be independent; repeated outputs hint at a broken RNG.
  • Passphrase modes depend on dictionary size and word count for effective strength.
  • Never log passwords or put them in URL query strings.
  • Generation is local; check the page note if any network calls occur.
  • Core parsing and computation run in your browser; by default your raw business payload is not persisted to this site’s servers (see on-page privacy notes).
  • The pipeline is typically: read input → parse (lexical/syntactic/structured) → transform → render; failures aim to be diagnosable.