siutil. Password Generator
processed in your browser · never uploaded
 

Press Generate to create passwords.

A tool for when you need a strong, hard-to-guess password right now — signing up for an account or rotating an old one. In "Password" mode you pick a length (4–128 characters) and which character types to use (lowercase abc, uppercase ABC, digits 123, symbols !@#) and generate as many at once as you like. At least one character from each selected type is always included, so passwords pass site rules like "must contain an uppercase letter, a number and a symbol" on the first try. Turn on "Exclude look-alike characters" to drop confusable glyphs such as 0/O and 1/l/I, or type any characters you want to avoid into the "Exclude characters" box. In "Passphrase" mode it strings English words together with a separator (e.g. brave-anchor-lunar-tiger) to make something long but easy to say, remember, and type without mistakes; you choose the number of words, the separator, whether to capitalize each word, and whether to append a number. For each setting it also shows an estimate of the resulting strength (entropy in bits). Randomness comes from the browser's built-in crypto.getRandomValues (a cryptographically secure pseudo-random generator), and each character is chosen with unbiased rejection sampling so no character is favoured. Because passwords are highly sensitive, this tool does everything entirely inside your browser (JavaScript) and never sends, stores, or logs your generated passwords or settings to a server (the passwords themselves aren't saved on your device either — only your preferences like length and character set are remembered for next time). Copy any password with its "Copy" button, or grab them all with "Copy all".

How to use

  1. Choose "Password" or "Passphrase" mode.
  2. Set the length (or number of words), character types, separator, and any characters to exclude, then pick how many to generate.
  3. Press "Generate" to see the candidates. Use "Copy" or "Copy all" to grab them. Nothing you generate is sent anywhere.

FAQ

Are the generated passwords sent or stored anywhere?

No. Generation happens entirely in your browser with JavaScript, and the resulting passwords and settings are never sent, stored, or logged to a server. The passwords themselves aren't saved on your device either — only your preferences (length, character set, etc.) are remembered for convenience.

Is the randomness secure?

Yes. It uses the browser's built-in crypto.getRandomValues — a cryptographically secure pseudo-random number generator — and picks each character with unbiased rejection sampling to avoid modulo bias. It does not use predictable sources like Math.random().

What does "Exclude look-alike characters" do?

It removes glyphs that are easy to misread — 0 and O (zero and capital O), 1, l and I (one, lowercase L, capital i), and similar — from the pool. Handy when a password has to be written down or read aloud.

Should I use a password or a passphrase?

It depends. A short password with symbols fits length-limited fields, while a passphrase (joined words) is long yet easy to say, remember, and type without errors. With enough length (4+ words for a passphrase) both reach strong entropy — use the estimated bit count shown on screen as a guide.

Are the selected character types guaranteed to appear?

Yes. Each character type you tick (uppercase, digits, symbols, etc.) contributes at least one character before the rest is filled in, so passwords reliably satisfy rules like "include an uppercase letter, a number and a symbol" in one go.