Forge unbreakable passwords — instant, private, free
7 free password tools — generator, strong passwords, memorable passphrases, PINs, bulk generation, strength checker, and hashing. Nothing leaves your browser.
Click copy or regenerate for a new one — instant and private.
Instant random password with configurable length and character types
Use toolMaximum-security passwords with full control over length and character sets
Use toolWord-based passphrases that are easy to remember but hard to crack
Use toolRandom numeric PINs from 4 to 8 digits for cards and devices
Use toolGenerate up to 100 passwords at once with consistent settings
Use toolAnalyze any password for entropy, crack time, and weaknesses
Use toolHash text with SHA-256, SHA-512, and SHA-1 — 100% in your browser
Use toolUses the Web Crypto API (crypto.getRandomValues) for true randomness. No pseudo-random shortcuts — every password is unpredictable.
No loading, no sign-ups, no limits. Generate passwords as fast as you can click. Works offline once the page loads.
Everything runs in your browser. No passwords are ever transmitted, logged, or stored. We literally cannot see what you generate.
KeyForge generates passwords entirely in your browser using the Web Crypto API. No data is sent to any server. Use a password manager to store your passwords securely.
Password strength is measured in bits of entropy — a measure of unpredictability. A password with 128 bits of entropy would require 2¹²⁸ guesses to crack by brute force. At one trillion (10¹²) guesses per second — the speed of modern specialized hardware — cracking a 128-bit password would take longer than the age of the universe.
Common password advice often focuses on complexity rules (uppercase, numbers, symbols) while underweighting the most important factor: length. A 12-character password using only lowercase letters has about 56 bits of entropy. The same 12-character password using all character types adds less than 20 bits — bringing it to about 74 bits. But extending the lowercase-only password to 20 characters gives 94 bits — stronger than the complex 12-character password, and far easier to remember.
Dictionary attacks are why common words, names, and patterns are weak even when modified. Attackers don't just guess random characters — they start with dictionaries of billions of common passwords, words, and name+number combinations, and apply transformation rules (e → 3, a → @, appending "1234"). A password like "Password123!" ranks in the top 100 most-tested passwords despite technically meeting complexity rules.
Use our Strong Password Generator to create cryptographically random passwords, or our Memorable Passphrase Generator for passwords that are both strong and human-readable — using the diceware method.
Entropy in a password is calculated as: bits = log₂(character_set_size^password_length) = password_length × log₂(character_set_size). For a password with 26 lowercase letters, each character contributes log₂(26) ≈ 4.7 bits. For a full character set of 95 printable ASCII characters, each character contributes log₂(95) ≈ 6.57 bits.
This only applies to truly random passwords. Human-chosen passwords have far lower effective entropy because humans are predictable: we prefer certain patterns, avoid hard-to-type sequences, and reuse structures. Studies analyzing leaked password databases consistently find that "user-chosen" passwords with the same nominal character set as random passwords are 10-100× easier to crack because they cluster around common patterns.
KeyForge uses the Web Crypto API's crypto.getRandomValues() — the same cryptographic randomness source used by browsers for TLS encryption. This provides true entropy from your operating system's entropy pool (hardware noise, timing jitter, etc.), not a pseudo-random number generator that could theoretically be predicted given enough output.
The practical recommendation: for website accounts, use a password manager generating 20+ character random passwords. For master passwords (password manager, email, banking), use diceware passphrases of 6+ words — they achieve 77+ bits of entropy and are feasibly memorable. Try our Password Strength Checker to evaluate any existing password's entropy and time-to-crack estimate.