Your password never leaves this device
STRENGTH
CRACK TIME ESTIMATES
Online attack (throttled)
Online attack (no throttle)
Offline attack (slow hash, e.g. bcrypt)
Offline attack (fast hash, e.g. MD5/SHA)
BREACH CHECK
Uses k-anonymity: only first 5 chars of SHA-1 hash sent to HaveIBeenPwned
Checking breach database...
PASSWORD GENERATOR
Click GENERATE to create a password
20
HOW IT WORKS
- Strength scoring uses zxcvbn — the same library used by Dropbox
- Breach check uses k-anonymity: only the first 5 characters of the SHA-1 hash are sent to HaveIBeenPwned
- Password generation uses crypto.getRandomValues() for cryptographically secure randomness
- Everything runs 100% in your browser — no password is ever sent to any server