Security

Password Generator: a quick guide

Generate strong, random passwords with full control over length and character classes.

If you use a password manager (and you should), most of your passwords should be generated, not invented. The ChrysoKit Password Generator builds genuinely random passwords with the character classes your service requires, one at a time or in bulk.

Why use it

Web Crypto randomness, configurable rules, and no telemetry. The generator runs locally; the password it gives you was never anywhere else.

How to use the Password Generator

  1. Pick a length (16+ is the modern minimum).
  2. Toggle character classes: upper, lower, digits, symbols.
  3. Optionally exclude similar-looking characters.
  4. Press Generate for one password, or Generate 5 for a list to pick from.
  5. Paste into your manager.

Features worth knowing

Cryptographic randomness

Genuinely random, not pseudo-random. Built on Web Crypto.

Configurable rules

All four character classes (upper, lower, digits, symbols), or any subset.

Bulk generation

Generate 5 at once when you want to pick the one that feels easiest to type. They are all equally random.

No-look-alike mode

Skip the characters that confuse the eye (0/O, 1/l/I) when you may need to read the password aloud or type it on a phone.

Pro tips

  • Length beats complexity. 20 random lowercase characters are stronger than 12 mixed-class ones.
  • Don't reuse passwords. A breach somewhere becomes a breach everywhere.
  • If a service caps the password at 12 characters, that is a sign of a poorly built system. Use the cap and a manager.
  • If you have to remember a password by hand (your manager's master password), use the Passphrase Generator instead.

Privacy first. The Password Generator runs entirely in your browser. Nothing you generate is uploaded.

Pair the Password Generator with a manager and stop trying to remember passwords. Both your time and your accounts come out ahead.

Open the tool: Password Generator →

Migrating a real account inventory to generated passwords

The average person holds well over a hundred accounts, which makes "switch everything to unique random passwords" sound like a lost weekend. The workable version is triage. Sit down once with a password manager installed and fix exactly five accounts: primary email, banking, the app store tied to your devices, your most-used social account, and the password manager's own master credential. These five are the blast radius of any breach... email especially, since "reset via email" makes it the skeleton key to everything else.

After the critical five, stop scheduling and switch opportunistically: every time you log into anything over the following months, let the manager replace that password with a generated one before you continue. Within a quarter, the long tail converts itself with no dedicated effort, and each conversion takes under a minute because you were already authenticated.

Two field notes from doing this in practice. First, a handful of legacy sites still cap length at 12-16 characters or reject symbols; generate within their rules and move on rather than fighting it... uniqueness matters more than perfection. Second, export and print the manager's emergency kit and store it offline. The single real operational risk of the generated-password lifestyle is locking yourself out of the vault that holds everything.

Share this article
CK
ChrysoKit Team

The team behind ChrysoKit. We build small, useful, fast, free tools for people who would rather get on with their day than fight a website.