Frequently asked questions
Is it safe to generate a password on a website?
This one is — the password is generated entirely in your browser using JavaScript and never transmitted anywhere. That said, generating sensitive passwords offline or with a dedicated password manager is always a reasonable extra precaution.
What does 'entropy' mean here?
It measures how many possible passwords could be generated with your chosen settings, expressed in bits — each additional bit doubles the search space an attacker would need to brute-force, so higher entropy means exponentially harder to guess.
Why exclude ambiguous characters?
Characters like I, l, 1, O, and 0 can look nearly identical in some fonts — excluding them makes a generated password easier to read and manually retype correctly, at a small cost to the total character pool.