thaivh tools
All Tools

Password Generator

Generate secure random passwords instantly. Customize length, character types, and exclusions. Uses Web Crypto API for true cryptographic randomness — no data sent to servers.

x0L?t-1o,zf&E}I_
Password StrengthVery Strong
~103 bits of entropy
16

How Password Security Works

Password strength is measured in entropy bits — the mathematical randomness of your password. Each additional character exponentially increases the number of possible combinations an attacker must try.

Weak (<60 bits)

Vulnerable to brute-force attacks. Avoid for important accounts.

Medium (60-80 bits)

Moderate protection. Acceptable for low-risk accounts.

Strong (80-100 bits)

Good protection. Resistant to brute-force for years.

Very Strong (100+ bits)

Excellent protection. Effectively uncrackable with current technology.

Cryptographic Security

This tool uses the Web Crypto API (crypto.getRandomValues), which provides the same level of randomness used by browsers for TLS/SSL connections. Unlike Math.random() which is predictable, the Web Crypto API draws from the operating system's cryptographically secure random number generator.

Frequently Asked Questions

How secure are these passwords?
Passwords are generated using the Web Crypto API, a cryptographically secure random number generator built into modern browsers. Each password is created from true randomness, not predictable patterns. The entropy score shows the theoretical strength — aim for 80+ bits for strong protection.
Should I save my passwords?
Never save passwords in plain text, browser notes, or unencrypted files. Use a dedicated password manager like Bitwarden, 1Password, or Apple Keychain. These tools encrypt your credentials and protect them with a master password or biometrics.
What makes a password strong?
A strong password has three key properties: length (at least 16 characters), variety (mix of uppercase, lowercase, numbers, and symbols), and randomness (no dictionary words or personal info). The strength meter rates your password based on these factors — aim for "Strong" or "Very Strong".
Why exclude similar characters?
Similar characters like i, l, 1, L, o, 0, O can be confusing when reading or typing passwords. Excluding them reduces errors in handwritten or verbally communicated passwords while maintaining security if you increase length slightly.
How long should my password be?
For most accounts, 16 characters is sufficient. For high-security accounts (banking, crypto, password managers), use 20+ characters. Length matters more than complexity — a 20-character password with just letters is stronger than a 12-character password with all character types.
Are passwords stored or sent anywhere?
No. All generation happens entirely in your browser using JavaScript. No data is sent to any server, stored, logged, or transmitted. The password exists only in memory and is discarded when you leave the page.
What password length do experts recommend?
NIST and security experts recommend a minimum of 8 characters, but 16+ is ideal. Modern systems support up to 128 characters. For critical accounts, use passphrases (4+ random words) which are easier to remember and stronger than short complex passwords.