Measure how strong a password really is — entropy in bits, estimated offline crack time and a plain-language weakness check — then generate a cryptographically secure password or passphrase. Everything runs in your browser; the password is never sent anywhere. Aligned to NIST SP 800-63B.
⚠️ Entropy and crack-time figures assume an offline attacker who has the password hash and tries it against a fast hash; they are order-of-magnitude estimates, not guarantees, and assume a password chosen at random. Real attackers use breached-password and dictionary lists, so a "high-entropy-looking" but common or predictable password can fall instantly. Use a password manager, enable multi-factor authentication, and never reuse passwords. This tool gives general guidance, not a security audit, and stores nothing.