โ Frequently Asked Questions
Is my password saved or sent to a server?
Absolutely not. All analysis happens entirely in your browser using JavaScript. Your password is never transmitted over the internet, never stored in any database, and never logged. Once you close the tab, the password is gone. This is 100% private and secure by design.
How is the crack time calculated?
Crack time is estimated based on the password's entropy โ calculated from its length and the character set used. We assume a modern attack rate of 10 billion guesses per second (GPU-based brute force). The estimate also accounts for common patterns, dictionary words and sequential characters which significantly reduce effective strength.
What makes a password strong?
Length is the single most important factor โ each additional character multiplies the search space exponentially. Beyond length, mixing character types (uppercase, lowercase, numbers, symbols) increases the character set size. Avoiding common words, names, dates and patterns prevents dictionary attacks. A truly random 16+ character password mixing all types is considered very strong.
How does the password generator work?
The generator uses your browser's built-in cryptographic random number generator (window.crypto.getRandomValues) to create truly random passwords. You can choose length (8-64 characters) and character types. Generated passwords are never sent anywhere and exist only in your browser tab.