Build your perfect password step by step — customise every detail with our interactive password builder.
Check if your password appeared in a data breach. Uses k-anonymity — your password is never sent anywhere.
⚙️ Only the first 5 chars of a SHA-1 hash are sent — your password never leaves your device.
Never reuse passwords. One breach exposes all your accounts.
16+ characters is the minimum for serious security. Go longer for critical accounts.
Remember one master password. Let a manager handle the rest securely.
Two-factor authentication blocks 99% of attacks even if your password leaks.
No birthdays, names or pet names. These are the first things hackers try.
Use our breach checker regularly. Change any compromised password immediately.
Yes. We use crypto.getRandomValues() — your browser's cryptographic random number generator. Nothing is sent to our servers.
At least 16 characters for most accounts. Use 20+ for email, banking and anything critical.
We hash your password with SHA-1 in your browser, then only send the first 5 characters to HaveIBeenPwned. Your actual password never leaves your device.
Absolutely. It's the single best thing you can do for your online security. NordPass, 1Password and Dashlane are our top picks.
Yes — once loaded, the generator works entirely in your browser. No internet needed to generate passwords.
Store every password securely — only remember one master password.
Military-grade XChaCha20 encryption. Zero-knowledge. Works on all devices.
Get NordPass →* Affiliate links — we may earn a commission at no extra cost to you.