Question 1

How does the random password generator work?

Accepted Answer

The generator uses your browser's built-in cryptographically secure random number generator (window.crypto.getRandomValues) to pick characters from the sets you select. We use rejection sampling so every character is equally likely, with no statistical bias. The whole process runs on your device.

Question 2

How do I create a strong password?

Accepted Answer

A strong password is long and unique. Aim for at least 16 characters mixing uppercase letters, lowercase letters, numbers, and symbols. Never reuse passwords across sites and avoid personal information like names, birthdays, or common words.

Question 3

Are my generated passwords safe?

Accepted Answer

Yes. Passwords are generated entirely in your browser. They are never sent over the network, never logged on a server, and never stored. When you close or refresh the page, the password is gone.

Question 4

How is password strength measured?

Accepted Answer

We estimate entropy in bits using the formula length x log2(pool size), where pool size is the number of possible characters. Higher entropy means a password is harder to guess. Roughly: under 50 bits is Weak, 50-80 is Average, and 80+ is Strong.

Question 5

Can a strong password still be hacked?

Accepted Answer

In theory any password can be brute-forced, but a long random password with mixed character types would take an impractical amount of time to crack — far beyond a human lifetime. Length is the single biggest factor.

Question 6

Why should I avoid ambiguous characters?

Accepted Answer

Characters like the letter O and the number 0, or lowercase l and the number 1, are easy to confuse when reading or typing a password manually. Enabling 'Avoid ambiguous' removes them so the password is easier to transcribe.