Privacy-first · Local-only

Passwords your workplace policy will actually accept.

Q: How are passwords randomised?

We use crypto.getRandomValues() with rejection sampling to avoid modulo bias, never Math.random().

Generate strong, compliant passwords for staff accounts, admin logins and shared systems — entirely in your browser. No sign-up, nothing transmitted, nothing stored.

Open full generator Read the policy guide

✓ Policy presets ✓ Runs locally ✓ No account needed

Generate a password

Generating…

Strength: — 0 bits of entropy

Length

Lowercase (a–z) Uppercase (A–Z) Numbers (0–9) Symbols (!@#$…) Exclude look-alikes One of each selected type

Runs entirely in your browser — nothing is transmitted or stored.

Built for the workplace, not just the password

Policy presets

One click sets length and character rules for standard staff accounts, strong logins, privileged/admin credentials or numeric PINs — sized to common corporate and compliance requirements.

Private & local-only

Generation happens with the browser's Web Crypto API. No server round-trips, no logging, no analytics on your passwords. What you generate never leaves the device.

No sign-up, no friction

No account, no email wall, no upsell. IT teams can bookmark it, share it internally, and use it on locked-down machines without installing anything.

Length beats complexity

Modern guidance from NIST SP 800-63B recommends favouring password length over forced character rules and frequent resets. A long passphrase or a 16+ character random string is both stronger and easier to manage than a short string padded with mandatory symbols.

WorkPassword scores every result by entropy in bits — calculated as length × log₂(pool size) — and labels it with a clear word and colour, never colour alone. Pair generated credentials with a team password manager and SSO/2FA wherever you can.

See how strength is measured →

Quick answers

Are these passwords generated privately?

Yes. Every password is generated locally in your browser using the Web Crypto API. Nothing is transmitted to a server or stored anywhere.

What makes a password compliant for work?

Most modern policies, following NIST SP 800-63B, favour length over forced complexity. Our presets produce passwords that comfortably meet common corporate length and character requirements.

Do I need to sign up?

No. There is no account, no email, and no sign-up. Open the page and generate as many passwords as you need.

How are passwords randomised?

We use crypto.getRandomValues() with rejection sampling to avoid modulo bias — never Math.random().

Guidance for IT teams & small businesses

Practical, non-alarmist reading on building password policies that people actually follow.

Browse the blog