Security Tools — Free Online Security Utilities
Strong credentials are the first line of defense against unauthorized access. These security tools generate cryptographically secure passwords, passphrases, and PINs using the Web Crypto API (crypto.getRandomValues) — the same entropy source browsers rely on for TLS handshakes and key generation. The Password Generator creates random passwords from 1 to 128 characters with granular control over character types: uppercase, lowercase, digits, symbols, and the option to exclude visually ambiguous characters like 0/O and l/1. It also generates memorable passphrases using the EFF wordlist and numeric PINs for devices that require them. Each generated password shows an estimated crack time based on brute-force attack speed assumptions, helping you choose a length that meets your security requirements. All generation happens client-side — no password is ever transmitted, stored, or logged anywhere.
When to Use Security Tools
Use security tools whenever you need to create new credentials. Generate a unique random password for each online account to avoid credential-stuffing attacks. Create passphrases for master passwords where memorability matters. Generate PINs for phone unlock codes, two-factor backup codes, or voicemail access. Check the crack-time estimate to ensure your password meets organizational security policies that require a minimum entropy threshold.
Frequently Asked Questions
Are generated passwords truly secure?
Yes. The Password Generator uses the Web Crypto API (crypto.getRandomValues), which draws entropy from the operating system's cryptographic random number generator (CSPRNG). This is the same source used for TLS key generation in your browser. No password is ever sent to a server or stored anywhere.
What is a passphrase and when should I use one?
A passphrase is a sequence of random words (e.g., "correct horse battery staple") that is easier to remember than a random string of characters but equally strong at the same entropy level. Use passphrases for master passwords, full-disk encryption keys, or any credential you need to type from memory regularly.
How is crack time calculated?
The crack-time estimate assumes an offline brute-force attack at 10 billion guesses per second, which represents a well-funded attacker with GPU clusters. It calculates the total keyspace (possible characters raised to the power of password length) and divides by the attack speed. The result gives you a conservative lower bound for how long your password would resist such an attack.