Random Password Generator
Securely generated • Beautifully presented • Local in browser
Explanation & Tips
This Password Generator is a single, self-contained code block (HTML/CSS/JS) that you can easily insert into Elementor Free via the "HTML" widget. It is consciously built to work without plugins, look clean on mobile, and interfere as little as possible with your theme (everything is encapsulated via the wrapper class lc-passgen).
For true randomness, the generator uses the Web Crypto API (crypto.getRandomValues). This means the characters do not come from simple pseudo-randomness, but from a cryptographically strong source in the browser. This is crucial because a password needs to be not just "long," but primarily unpredictable.
Value-added features: You get a live strength indicator, a rough entropy estimate in bits, and a conservative crack-time estimate derived from it as orientation. Additionally, there is a "Show" toggle to prevent shoulder-surfing risks, a copy button with feedback, and a clickable history (only in your current session; it disappears upon reload).
You can switch between two modes: Random Password (character string) and Passphrase (multiple random words). Passphrases are often easier to remember – the important thing is that you use enough words (usually 5–6 or more) and no known sayings. For password managers, long, random character strings are ideal (e.g., 16–24 characters).
Integration in Elementor: Edit page → Add "HTML" widget → Paste complete code → Update. Tip: Place the tool in its own section with some spacing above/below, then it looks like a standalone feature.
Practical for visitors: via the Profiles, you can meet typical requirements with one click (e.g., "Compatible" without exotic characters or "Extra strong"). The crack-time is based on a very rough assumption of a fast offline attack and calculates with half the search space on average; in practice, rate limits, captchas, and secure hashes can massively slow this down – or accelerate it easily with weak hashes and leaks. Therefore: Use values as orientation, not as a guarantee.
FAQ
How secure is the generator?
The passwords are generated with crypto.getRandomValues, a cryptographically strong source in the browser. However, it only becomes "secure" through good settings: For important accounts, 16–24 characters with multiple character types are a very solid basis. Even more important: a unique password per account and additionally 2-Factor Authentication where possible.
Does the page store or transmit my password?
No. The code sends nothing to a server and loads no external scripts. The history is kept only in the working memory of your current session (tab session) and disappears upon reload or close. Copying happens locally via the browser's Clipboard API.
What do Entropy and Strength Indicator mean?
Entropy is a measure of unpredictability. Here, it is calculated approximately from the length and size of the character set. The strength indicator is consciously a heuristic: It helps you compare settings, but does not replace good practices like one-time passwords, password managers, and leak checks for particularly sensitive accounts.
What are "avoid similar characters" and "force every selection" good for?
"Avoid similar characters" reduces confusion (e.g., O/0, I/l), which can be helpful for manual entry or sharing via phone. "Force every selection" ensures that a password doesn't accidentally consist only of lowercase letters even though you enabled numbers/symbols – practical for strict password policies.
Password or Passphrase – which is better?
With a password manager: take a long random password (16–24+). If you have to remember it: Passphrase. Crucial is the length: better 6 random words than 2 words with an exclamation mark. Avoid known quotes, song lyrics, or "clever" patterns – these land often in dictionaries.
Why is the Crack Time only an estimate?
Attacker speed depends heavily on the scenario. Online logins are usually slow due to rate limits; offline attacks on weak hashes can be very fast. Hardware (GPU/ASIC), hash algorithms (e.g., Argon2 vs. insecure hashes), dictionary strategies, and leaks also play a role. The display is therefore conservative and serves as a comparison, not a promise.
Does this work on mobile devices?
Yes, the interface is responsive and optimized for touch. Copying uses the modern Clipboard API; if a very old browser blocks this, you can manually select the result. For maximum security, you should keep your device updated and generate no passwords on foreign, untrusted devices.
Embed this Calculator on Your Website
You can integrate this calculator for free into your own website. Get the embed code on our overview page.