OffCloud.tools
Runs entirely in your browser

Password Generator

Cryptographically secure passwords and passphrases. Uses crypto.getRandomValues. Nothing leaves your device.

What makes a strong password?

A strong password has two properties: it is long, and it is random. Length matters more than complexity. NIST's Special Publication 800-63B (updated 2024) explicitly dropped mandatory complexity rules — no more requirements for uppercase letters, numbers, and symbols if they result in shorter or more predictable passwords. A 20-character random lowercase password has more entropy than a 12-character password with uppercase, numbers, and symbols.

The relevant measure is entropy, which reflects how many equally likely values exist for a password of this type and length. A 16-character password drawn from the 94 printable ASCII characters has 94^16 ≈ 10^31 possible values. At a billion guesses per second, cracking it by brute force would take longer than the age of the universe.

How does this password generator work?

OffCloud.tools uses crypto.getRandomValues — the browser's built-in cryptographically secure random number generator. This is the same API used by browser-based cryptography and certificate generation. Unlike Math.random(), which is a pseudorandom number generator unsuitable for security use, crypto.getRandomValues draws from the operating system's entropy pool.

We also apply rejection sampling: when mapping random numbers to a character set, a naive modulo operation introduces bias (some characters appear slightly more often than others). Rejection sampling discards values that would cause bias and re-draws, ensuring a perfectly uniform distribution across the character set.
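The rejection sampling described above can be sketched as follows. This is an added example, not OffCloud.tools' own code; the function names and the one-byte-per-draw approach are assumptions chosen for illustration.

```javascript
// Added illustration; function names are assumptions, not the site's code.
// Browsers and recent Node expose globalThis.crypto; the fallback covers older Node.
const rng = globalThis.crypto ?? require('node:crypto').webcrypto;

// The 94 printable ASCII characters, '!' (0x21) through '~' (0x7E).
const PRINTABLE = Array.from({ length: 94 }, (_, i) => String.fromCharCode(33 + i)).join('');

// Default byte source: one byte from the CSPRNG.
function csprngByte() {
  return rng.getRandomValues(new Uint8Array(1))[0];
}

// Largest multiple of n within a byte's 256 values. Bytes at or above it
// are the leftover that would make low indices more likely under modulo.
function rejectionLimit(n) {
  if (!Number.isInteger(n) || n < 1 || n > 256) {
    throw new RangeError('alphabet size must be between 1 and 256');
  }
  return 256 - (256 % n);
}

// Uniform index in [0, n): redraw until the byte falls below the limit.
function uniformIndex(n, nextByte = csprngByte) {
  const limit = rejectionLimit(n);
  let b;
  do { b = nextByte(); } while (b >= limit);
  return b % n;
}

function generatePassword(length, alphabet = PRINTABLE, nextByte = csprngByte) {
  let out = '';
  for (let i = 0; i < length; i++) {
    out += alphabet[uniformIndex(alphabet.length, nextByte)];
  }
  return out;
}

// Feed every byte value through once and count hits per index, with or
// without rejection. This shows the modulo bias exactly, with no sampling noise.
function indexCounts(n, reject) {
  const limit = reject ? rejectionLimit(n) : 256;
  const counts = new Array(n).fill(0);
  for (let b = 0; b < limit; b++) counts[b % n]++;
  return counts;
}
```

For the 94-character set, `indexCounts(94, false)` gives the first 68 characters three byte values each and the remaining 26 only two, while `indexCounts(94, true)` gives every character exactly two.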

How to generate a secure password with OffCloud.tools

  1. Choose a mode: Random for a traditional password or Passphrase for a word sequence.
  2. For Random mode: set the length (16+ for regular accounts, 20+ for important ones) and choose which character sets to include.
  3. For Passphrase mode: choose word count (4 words minimum, 5+ for critical accounts), separator, and whether to capitalise the first letter of each word.
  4. Check the strength meter — aim for "Strong" or "Very strong".
  5. Click the copy icon or press the Copy button. The password is copied to your clipboard.
  6. For bulk generation: use the Export button to download a plain-text file with 10, 50, or 100 passwords.

Is this password generator secure?

The security of a browser-based password generator depends on two things: the quality of the random number generator, and whether the output is ever transmitted. OffCloud.tools uses crypto.getRandomValues (CSPRNG-quality) and generates passwords entirely inside your browser tab. No password is ever sent to a server. You can verify this in your browser's Network tab: there are zero outgoing requests during password generation.

NIST SP 800-63B recommends using a password manager and generating passwords with a CSPRNG. This tool satisfies both the generation requirement and the privacy requirement: the generator runs locally, and there is no server to breach.

FAQ