Is this password generator truly random?

Yes. It uses the browser's built-in crypto.getRandomValues API — the same source used by cryptographic libraries — never the weaker Math.random(). The strength meter scores length, character-set variety, and minimum length thresholds.

What makes a passphrase stronger than a random password?

A 4-word passphrase drawn from a dictionary of 256 words has 256⁴ = ~4.3 billion combinations and is much easier to type and remember than a short random string. Longer passphrases are effectively uncrackable with current hardware.

Are my passwords stored or sent anywhere?

No. Everything runs entirely in your browser — no passwords are ever transmitted to a server, stored in a database, or logged anywhere. Close the tab and the password is gone.

How long should my password be?

Length matters more than complexity. 12 characters is a sensible floor, 16+ is recommended for important accounts, and the slider goes up to 64. For a manager-stored password there is no downside to going long.

What does "exclude ambiguous characters" do?

It removes characters that are easy to confuse when read or typed by hand — the digits 0 and 1 and the letters O, I and l. Tick it when a password may be read aloud or typed from a screen; leave it off for maximum character variety.

Should I use a password or a passphrase?

Use a random password when a service allows symbols and you store it in a manager. Use a passphrase (random words joined by a separator) when you need to type or remember it — it is far easier on a phone keyboard while staying strong because of its length.

How does the strength meter work?

It scores the password from Very Weak to Very Strong based on its length and how many character sets (upper, lower, digits, symbols) it draws from, with bonus points for longer lengths. It is a guide to entropy, not a guarantee against every attack.

Password Generator — Gera Tools

Password generator — strong and private

This tool generates a random password or a memorable passphrase entirely in your browser. It’s for anyone creating a new account, rotating a compromised credential, or seeding a password manager who wants real randomness rather than a guessable string. Nothing is uploaded, so even a generated password you choose not to use never leaves your device.

How it works

Every random choice comes from crypto.getRandomValues — the same cryptographically secure source used by security libraries, never Math.random. In password mode you set the length (6–64) and choose which character sets to include from uppercase (A–Z), lowercase (a–z), digits (0–9) and symbols (!@#$%^&*()_+-=[]{}|;:,.<>?). The generator guarantees at least one character from each selected set, then fills the rest randomly and shuffles, so the result always satisfies every chosen rule. The optional exclude ambiguous filter strips 0 O I l 1. In passphrase mode it picks 3–8 words at random from a built-in 256-word English list and joins them with your separator.

Example

A 4-word passphrase from the 256-word list, e.g. river-amber-clock-spruce, has 256⁴ ≈ 4.3 billion combinations — and adding more words multiplies that further.

Strength guidance

Length / type	Use case
12 characters	Minimum for everyday accounts
16+ characters	Recommended for important accounts
4-word passphrase	Memorable, easy to type, still strong
6+ word passphrase	Effectively uncrackable with current hardware

All generation happens entirely in your browser. Nothing is uploaded.