🔐 Password Generator¶

Live at: aguidetocloud.com/password-generator/ Built: April 2026 Cost: $0 — 100% client-side JavaScript, zero API calls Accent colour: Fuchsia #D946EF CSS namespace: .pwgen-* Body class: page-password-generator

What It Does¶

A world-class password generator and strength checker that creates unbreakable passwords, passphrases, PINs, and custom recipe-based passwords. Includes a real-time strength analyser with breach database checking via Have I Been Pwned's k-anonymity API. Everything runs 100% in the browser — no passwords are ever sent to any server.

Think of it like 1Password's generator + Bitwarden's strength checker + EFF's Diceware — all in one free tool with no sign-up, no ads, and no data collection.

Why This Tool Exists¶

The Problem¶

Most online password generators are ad-laden and suspicious — users don't trust them
Built-in browser generators are basic — no passphrase mode, no strength feedback
1Password and Bitwarden lock generators behind account creation
Existing tools give misleading strength scores — length-based, not entropy-based
No tool combines generation + checking + breach lookup + educational passphrase builder in one place
Enterprise users need policy-compliant passwords (Word-Number-Word-Symbol) but have no easy generator

Our Differentiator¶

Feature	1Password	Bitwarden	Ours
Generation modes	2 (Random, Memorable)	2 (Password, Passphrase)	5 (Random, Passphrase, PIN, Pronounceable, Recipe)
Strength checker	❌ None	Basic	Advanced (entropy + pattern detection + HIBP breach check)
Recipe/template mode	❌	❌	✅ `Word-0000-Word-!` patterns
Breach database check	❌	❌	✅ HIBP k-anonymity (privacy-safe)
Crack time estimates	❌	Basic	3-tier (online, offline, GPU cluster)
Pattern detection	❌	❌	✅ Keyboard, sequential, leet speak, dates, repeats
Word list	Unknown	EFF (7,776)	EFF Diceware (7,776 words, loaded from JSON)
Percentile comparison	❌	❌	✅ "Stronger than ~95% of passwords"
Sign-up required	✅ Free trial	✅ Account	❌ None
Cost	$2.99/mo+	Free (limited)	Free forever

Architecture¶

Files¶

content/password-generator/
  _index.md                    # Front matter + 8 FAQ items

layouts/password-generator/
  list.html                    # Template — 3 tabs, JSON-LD, tool-hero

static/css/
  password-generator.css       # 24 KB — .pwgen-* namespace, fuchsia accent

static/js/
  password-generator.js        # 61 KB — all logic, CSPRNG, strength analysis

static/data/password-generator/
  wordlist.json                # 76 KB — 7,776 EFF diceware words

Dependencies¶

Zero CDN dependencies — pure vanilla JS
Web Crypto API — crypto.getRandomValues() for CSPRNG
Web Crypto subtle — crypto.subtle.digest('SHA-1') for HIBP hash
HIBP API — api.pwnedpasswords.com/range/ (k-anonymity, only 5-char hash prefix sent)

State Management¶

const S = {
  mode: 'random',           // Current generation mode
  password: '',             // Current generated password
  passwordVisible: true,    // Eye toggle state
  checkVisible: false,      // Check tab eye toggle
  wordList: null,            // Loaded EFF word list (7,776 words)
  wordListIsFallback: false, // True if JSON fetch failed
  history: [],              // Last 20 passwords (session-only)
  ppWords: [],              // Current passphrase builder words
  ppWordCount: 5,           // Default word count
  genCounter: 0,            // Async race prevention counter
  bulkPasswords: null       // Last bulk generate results
};

Features — Tab by Tab¶

Tab 1: 🔐 Generate¶

5 generation modes:

Mode	How it works	Entropy source
🎲 Random	Chars from pool (upper/lower/num/sym)	`length × log2(poolSize)`
📖 Passphrase	Random words from EFF list	`wordCount × log2(7776)` ≈ 12.9 bits/word
🔢 PIN	Digits only (4-12)	`length × log2(10)`
🗣️ Pronounceable	CV syllable structure (onset+nucleus+coda)	`syllables × log2(33×5×14)`
🧾 Recipe	User-defined pattern templates	Token-based calculation

Quick-start presets: - 🏦 Banking — 20 chars, all character types - 📱 Phone PIN — 6-digit PIN - 🧠 Memorable — 4-word passphrase - 📶 WiFi — 12 chars, no symbols

Other features: - One-click copy with ✓ feedback - Regenerate button (🎲) - Show/hide toggle (👁️) - Dark/light readability preview (🌙/☀️) - Strength meter bar with animated fill + glow on Very Strong - Crack time estimate (offline, 100B guesses/sec) - Percentile comparison ("Top 2%") - Bulk generate 10 → copy all or download .txt - QR code export → opens /qr-generator/ with password pre-filled - Password history (last 20, session-only) - Keyboard shortcuts: Enter = regenerate - Word count hint (⚠️ < 5 words, ✅ 5+ words)

Tab 2: 🔍 Check My Password¶

Real-time analysis as you type: - Score ring (SVG, 0-100) with animated stroke - Strength label (Very Weak → Very Strong) with colour - Percentile ("Stronger than ~95% of passwords") - 3-tier crack time estimates: - Online (1K/sec, rate-limited) - Offline fast hash (100B/sec, MD5-class) - GPU cluster (1T/sec) - Character composition bars (length, upper, lower, numbers, symbols, unique)

Pattern detection (warnings): - Common password database (40+ entries) - Keyboard patterns (qwerty, asdfgh, 1qaz2wsx, etc.) - Sequential characters (abc, 321) - Repeated characters (aaa) - Date patterns (2024, 12/25/2024) - Leet speak substitutions (p@ssw0rd → password) - Low character variety

HIBP breach check: - Uses k-anonymity — only first 5 chars of SHA-1 hash sent - Shows "Found in X,XXX data breaches!" or "Not found ✅" - Graceful fallback if offline/blocked

Privacy badge: "Your password is analysed locally — never sent to our servers"

Tab 3: 🧩 Word Builder¶

Interactive passphrase construction: - Word chips — click any word to reroll just that one - Pop animation on rerolled chips - Add/Remove word buttons (min 2, max 12) - Copy full passphrase button - Reroll All button

Options: - Separator: hyphen, space, dot, underscore, none - Capitalise each word - Append random number - Append random symbol

Entropy breakdown table: - Word count, word list size, entropy per word - Total entropy (bits) - Crack times (online, offline, GPU) - Equivalent random character count

Recipe Mode — Pattern Reference¶

Token	Output	Entropy
`Word`	Random capitalised word from EFF list	~12.9 bits
`0`	Random digit (0-9)	~3.3 bits
`!`	Random symbol from 13-char set	~3.7 bits
`A`	Random uppercase letter	~4.7 bits
`a`	Random lowercase letter	~4.7 bits
`C`/`c`	Random consonant (upper/lower)	~4.4 bits
`V`/`v`	Random vowel (upper/lower)	~2.3 bits
Any other char	Literal (kept as-is)	0 bits

Built-in presets:

Name	Pattern	Example output
Word-NUM-Word-SYM	`Word-0000-Word-!`	`Scrabble-4776-Sulphuric-?`
WordSymWordNums	`Word!Word0000`	`Plausibly^Mandolin2267`
Words-with-Nums	`Word-Word-Word-00`	`Giddily-Shady-Matted-87`
Syllables	`Cvcc0-Cvcc0-Cvcc0!`	`Xayk4-Mupt4-Rimz2#`

Strength Analysis Algorithm¶

Entropy Calculation¶

For Random mode:

entropy = length × log2(poolSize)
where poolSize = sum of: lowercase(26), uppercase(26), digits(10), symbols(33)

For Passphrase mode:

entropy = wordCount × log2(wordListSize)  // 7776 → ~12.9 bits/word
+ log2(1000) if number appended

For Pronounceable mode:

syllables = ceil(length / 2.6)
entropy = syllables × log2(33 × 5 × 14)  // onset × nucleus × coda
+ syllables × 1 if mixed case
+ log2(10 × length) if numbers

Pattern Penalties¶

Pattern	Penalty
Common password (exact match)	Entropy capped at 5 bits
Keyboard pattern found	Entropy × 0.3
Sequential characters (per instance)	Entropy × (1 - 0.15 × count)
All same character (unique=1)	Entropy capped at 10 bits
Very low variety (unique ≤ 3)	Entropy × 0.25
Repeat ≥ 3 chars (general)	Entropy × 0.6
Date-like pattern	Entropy × 0.7
Leet speak → common password	Entropy × 0.3

Score Mapping¶

Entropy range	Score range	Label
0-28 bits	0-20	Very Weak
28-36 bits	20-40	Weak
36-60 bits	40-60	Fair
60-80 bits	60-80	Strong
80+ bits	80-100	Very Strong

Percentile Mapping¶

Based on breach database studies (~50% of real passwords score <20):

Score	Percentile
0	Top 100%
20	Top 50%
40	Top 25%
60	Top 10%
80	Top 2%
100	Top 1%

Pronounceable Algorithm¶

Uses syllable structure: Onset + Nucleus + Coda

Onsets (33): b, c, d, f, g, h, j, k, l, m, n, p, r, s, t, v, w, z, br, ch, cl, cr, dr, fl, fr, gr, pl, pr, sh, sl, sp, st, tr
Nuclei (5): a, e, i, o, u
Codas (14): (empty×9), n, m, s, l, r — ~64% open syllables for natural rhythm

This produces genuinely speakable passwords like "frulumtomajugo", "prenjemnawosin", "vizuchakuremef".

SEO¶

JSON-LD schemas: WebApplication + FAQPage (from baseof seo-jsonld partial) + BreadcrumbList
8 FAQ items covering: safety, strength meter, passphrases, storage, strong passwords, offline use, crack time, word list
Pagefind searchable block with keywords
Meta description optimised for "free password generator" intent

Integration Checklist (for future session)¶

Items NOT done yet (deferred to a dedicated integration session):

[ ] Add to data/toolkit_nav.toml (prev/next nav)
[ ] Add to baseof.html body class chain (page-password-generator)
[ ] Add to data/tool_colours.toml (⚠️ #D946EF hue 292° is 8° from AI News 300° — may need adjustment)
[ ] Add card to /free-tools/ page
[ ] Add to nav dropdown under appropriate category
[ ] Add to homepage toolkit section
[ ] Bump tool_count in hugo.toml
[ ] Bump cache_version in hugo.toml
[ ] Add SWA cache route for /data/password-generator/* in staticwebapp.config.json
[ ] Run full smoke test after deploy
[ ] Add counter entry to data/tool_counters.toml

Maintenance¶

Word list: Static EFF diceware list — no updates needed unless EFF publishes a new version
Common passwords: Consider expanding the 40-entry set periodically from breach database releases
HIBP API: Free, no auth, no rate limits for the range API. If they change the API, update the checkHIBP() function
Staleness: 🟢 Low — pure client-side tool with no data dependencies