Security & Crypto
8 toolsGenerate strong passwords, passphrases, PINs, API tokens, and one-time passcodes. Run encryption, hashing, and Caesar ciphers locally — secrets never leave your device.
Password Generator
Free password generator using your browser's SubtleCrypto. Pick length, character classes, and exclude lookalikes. Passwords never leave the page.
Password Strength
Password strength meter — estimate how long a password would take to crack and get tips to harden it. Checks run locally; nothing is ever sent anywhere.
Caesar Cipher
Free online Caesar cipher: encode or decode text with any ROT-N shift, with one-click ROT13. All encryption and decoding runs in your browser.
TOTP Generator
TOTP generator online — create RFC 6238 time-based one-time passwords from a secret key, with a live countdown. The secret never leaves your browser.
API Token Generator
Random token generator — create secure API keys, session IDs, and secrets in hex or Base64URL using crypto-grade randomness. Free, made in your browser.
PIN Generator
PIN generator — create random 4, 6, or 8 digit PIN numbers (or any length) with real cryptographic randomness, one at a time or in bulk. Free and instant.
Passphrase Generator
Diceware passphrase generator — create memorable, strong passphrases from a word list with adjustable length and separators. Generated locally, in private.
htpasswd Generator
htpasswd generator — create Apache .htpasswd lines with bcrypt hashing for HTTP basic auth users. Free, and your credentials never leave your device.
Client-side security tools that keep secrets on your device
The tools in this category generate the small pieces of unpredictability that good security depends on: strong passwords, memorable passphrases, one-time codes, PINs, and random tokens. What sets them apart is where the work happens. Every value is produced in your own browser using your device's built-in cryptographic randomness, and nothing you generate is sent to a server. A password you create here has never travelled across the network, which is exactly the property you want from a secret.
Why randomness quality matters
A secret is only as strong as the randomness behind it. Humans are predictable — we reuse names, dates, and keyboard patterns — and so are weak software random generators, which is why attackers can guess passwords that "look" random to us. Proper tools draw from the browser's cryptographically secure generator, the same source used for encryption keys, so each character or word is genuinely unpredictable. A long passphrase of several random words is often both stronger and easier to remember than a short string of symbols, because its strength comes from length and true randomness rather than from being hard to type.
Secrets that never leave the device
Running entirely client-side means there is no upload, no logging, and no account behind these tools, so there is no copy of your secret sitting in someone else's database waiting to be breached. That said, the responsibility for what happens next is yours: once a value is generated, store it in a reputable password manager rather than a sticky note or a plain text file, and clear it from your clipboard when you're done. The tool can hand you a strong secret, but only careful handling keeps it secret.
A tool helps, but it is not the whole job
Generating strong credentials is one layer of defence, not a complete strategy. These tools do not replace turning on two-factor authentication, keeping software patched, being wary of phishing, and avoiding reused passwords across sites. Treat them as a reliable source of strong building blocks, and pair them with those everyday habits — that combination, not any single tool, is what actually keeps an account safe.