Generate strong, random passwords instantly. Nothing is stored or sent anywhere.
A strong password has four key properties: length, complexity, unpredictability, and uniqueness. Length is the most important factor — each additional character exponentially increases the number of possible combinations. A 12-character password is vastly harder to crack than an 8-character one. Complexity means using a mix of uppercase letters, lowercase letters, numbers, and special symbols. Unpredictability means avoiding dictionary words, names, dates, or keyboard patterns like "qwerty" or "123456". Uniqueness means using a different password for every account so that if one is compromised, others remain safe.
Yes, completely. All passwords on CalHub are generated entirely within your browser using the Web Cryptography API — specifically the crypto.getRandomValues() function, which uses a cryptographically secure random number generator. No passwords are ever transmitted to our servers, logged, stored in cookies, or shared in any way. You can verify this by disconnecting from the internet and the generator will still work perfectly — it requires no network connection to function.
The time needed to crack a password through brute force depends on its length, complexity, and the hardware used. An 8-character password using only lowercase letters has about 200 billion possible combinations and can be cracked in minutes with modern hardware. A 12-character password with uppercase, lowercase, numbers, and symbols has over 475 quadrillion combinations — that would take thousands of years with current technology. A 20-character random password is effectively uncrackable with any foreseeable computing power. This is why length matters so much — even a few extra characters make an enormous difference.
Yes, absolutely. The single best thing you can do for your online security is to use a password manager. Password managers like Bitwarden (free and open source), 1Password, or Dashlane generate, store, and autofill unique strong passwords for every site you use. You only need to remember one master password. Without a password manager, most people reuse passwords across sites — meaning one breach compromises many accounts. With a password manager, every account has a unique random password and a breach of one site does not affect any other. Generate your passwords here and store them in a password manager for the best security practice.
Despite widespread awareness of password security, many people still make avoidable mistakes. Using personal information like your name, birthday, or pet's name makes passwords easy to guess for anyone who knows you. Substituting letters with numbers or symbols (like "p@ssw0rd") is a well-known trick that password cracking software accounts for automatically. Using the same password across multiple sites means a single data breach exposes all your accounts. Writing passwords in plain text in a notes app or on paper creates physical security risks. Using short passwords for "less important" sites is also risky — attackers use credentials from minor site breaches to attempt logins on banking and email sites.