About WorkPassword

WorkPassword is a privacy-first password generator built for the realities of the workplace — employees who need credentials that pass policy, IT teams who need a tool they can trust on locked-down machines, and small businesses that cannot afford a security incident.

What we believe

Good security should be the easy path. Too many password tools either lock value behind sign-ups and subscriptions, or quietly send what you generate to a server. We took the opposite approach: everything runs in your browser, nothing is transmitted or stored, and there is no account to create.

Our guidance follows current best practice — most notably NIST SP 800-63B, which favours length over forced complexity and discourages routine password expiry. We will never be alarmist. The aim is to help teams make a few high-impact changes and move on.

How the generator works

Local-only: passwords are generated on your device with the browser's Web Crypto API.
Cryptographically secure: we use crypto.getRandomValues() with rejection sampling to avoid bias — never Math.random().
Policy-aware: presets map to common corporate account tiers, and every result is scored by entropy in bits.
No tracking of secrets: what you generate is yours alone and never leaves the page.

Who writes our guidance

Daniel Mercer — IT Security Consultant

Daniel helps small and mid-size businesses build practical, compliant password policies and choose tooling their staff will actually use. He has spent years turning dense standards into short, enforceable rules, and writes all of WorkPassword's guidance with a bias toward what teams will really do — not what looks good in an audit binder. Reach him at [email protected].

Our privacy stance, in one line

We can't leak what we never receive. WorkPassword has no password database because your passwords never reach us — they are created and stay on your device.

Try the generator Get in touch