Frequently Asked Questions
How secure are the generated passwords?
Passwords are generated using cryptographically secure random number generators (Web Crypto API). The tool uses true randomness, not pseudo-random algorithms, making passwords extremely difficult to predict or crack.
Is my password sent to any server?
No. All operations are performed entirely in your browser using JavaScript. Your passwords never leave your device, ensuring complete privacy and security.
What makes a strong password?
A strong password should be at least 12-16 characters long, contain a mix of uppercase and lowercase letters, numbers, and special characters, avoid common patterns or dictionary words, and not contain personal information.
How does the leak checker work?
The leak checker compares your password against a database of common passwords and patterns from known breaches. For full breach detection, it references GitHub repositories containing millions of leaked passwords from major data breaches.
What are the hash functions used for?
SHA-256 and SHA-512 are cryptographic hash functions that create unique fingerprints of your password. AES-256 is an encryption algorithm used to encrypt data. These demonstrate how passwords should be stored securely (hashed, never in plain text).
How often should I change my passwords?
Change passwords immediately if you suspect a breach. Otherwise, change them every 3-6 months for sensitive accounts. Use unique passwords for each account and consider using a password manager.
What is password entropy?
Entropy measures the randomness and unpredictability of a password. Higher entropy means more possible combinations, making the password harder to crack. It's calculated based on character set size and password length.