Password and passphrase generator

Random passwords and diceware-style passphrases, generated with your browser's cryptographic random number generator (crypto.getRandomValues). Nothing is sent to a server, nothing is stored: close the tab and the password exists only where you pasted it.

How strong is strong enough?

Entropy bits measure how many guesses an attacker needs: every extra bit doubles the work. A 40-bit secret falls in about a trillion guesses, which sounds like a lot until you know that a single modern GPU can try billions of hashes per second against a stolen password database. Around 65 bits is comfortable for most accounts, and past 90 bits the search space is out of reach for any realistic attacker, even one with a data-center budget.

Passphrases trade length for memorability. Six random words from the EFF list give about 77 bits, the same ballpark as a 13-character random password, but "maple-survey-ostrich-debit-cradle-fox" is something a human can actually type and remember. The catch is that the words must be picked randomly: a sentence you made up yourself has far less entropy than it appears to, because human word choices are predictable.
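
An added example, not this page's own code, showing one way to turn crypto.getRandomValues output into uniformly chosen characters or words and to compute the entropy figures quoted above. The function names, the rejection-sampling approach and the 8-word SAMPLE_WORDS list (a constructed stand-in for a full 7776-word list) are assumptions.

```javascript
// Added example: every name here is hypothetical, not taken from the page.
// Web Crypto is a global in browsers and current Node; the fallback covers older Node.
const rng = globalThis.crypto ?? require('node:crypto').webcrypto;

// Uniform integer in [0, n) for 1 <= n <= 2^32, using rejection sampling.
// A plain `value % n` is biased whenever n does not divide 2^32.
function randomBelow(n) {
  if (!Number.isInteger(n) || n < 1 || n > 0x100000000) {
    throw new RangeError('n must be an integer in [1, 2^32]');
  }
  const limit = Math.floor(0x100000000 / n) * n; // largest multiple of n <= 2^32
  const buf = new Uint32Array(1);
  do {
    rng.getRandomValues(buf);
  } while (buf[0] >= limit); // discard the tail that would favour small values
  return buf[0] % n;
}

// Independent uniform picks; duplicates in the pool are removed first,
// because they would skew the choice and overstate the entropy.
function pick(pool, count) {
  const unique = [...new Set(pool)];
  return Array.from({ length: count }, () => unique[randomBelow(unique.length)]);
}

function randomPassword(length, alphabet) {
  return pick(alphabet, length).join('');
}

function randomPassphrase(wordList, count, separator = '-') {
  return pick(wordList, count).join(separator);
}

// Entropy in bits: count * log2(poolSize). Valid only for uniform, independent picks.
function entropyBits(poolSize, count) {
  return count * Math.log2(poolSize);
}

const ALNUM = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
// Constructed sample list: 8 words give only 3 bits per word.
const SAMPLE_WORDS = ['maple', 'survey', 'ostrich', 'debit', 'cradle', 'fox', 'lantern', 'pebble'];

console.log(randomPassword(13, ALNUM), entropyBits(62, 13).toFixed(1), 'bits');
console.log(randomPassphrase(SAMPLE_WORDS, 6), entropyBits(SAMPLE_WORDS.length, 6), 'bits');
console.log('six words from a 7776-word list:', entropyBits(7776, 6).toFixed(1), 'bits');
```

With the 8-word sample list the passphrase carries only 18 bits; the word count buys entropy only when the list itself is large.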

Why do thresholds differ between online and offline attacks? An online attacker has to talk to the real login form, which rate-limits and locks out after a handful of tries, so even a 30-bit password survives. Offline cracking, after a database breach, runs at hardware speed with no limits. Since you rarely know how a site stores passwords or when it will be breached, it is safer to size every password for the offline case, and a generator makes that free.