Generate a strong, random password — choose length and character types freely, with a strength meter. Everything runs in your browser with cryptographically secure randomness; nothing is transmitted.
A secure password is at least 16 characters long, random, and mixes uppercase and lowercase letters, numbers and symbols. Use a unique password per account, store it in a password manager and enable two-factor authentication. Forge12's password generator creates such passwords 100% in the browser with cryptographically secure randomness (Web Crypto) — your password never leaves your device.
Need the WordPress-compatible hash ($P$) to set it directly in the database? To the WordPress password generator →
Security comes from length and randomness, not memorability. A random password with 16+ characters from all character types is practically impossible to brute-force — unlike a short word with a number appended.
The second key is uniqueness: one password per account. That way a data breach stays limited to a single service. You don't have to memorize them yourself — that's what a password manager is for.
No. The password is generated entirely in your browser (Web Crypto API). There's no server endpoint, nothing is sent or stored.
At least 16 characters. Length adds the most security: each additional character drastically increases the number of possible combinations. For very sensitive accounts, use 20+ characters.
Yes. The tool uses crypto.getRandomValues (the browser's cryptographically secure random generator) with bias-free selection — not the insecure Math.random.
So that a breach at one service doesn't endanger your other accounts. If a reused password leaks, attackers automatically try it everywhere (credential stuffing).
You don't — use a password manager. It stores all passwords encrypted; you only remember one strong master password and enable two-factor authentication.