Secure Password Generator

Why your current passwords are vulnerable

They're too short - 8 characters crack in hours against a stolen MD5 or SHA-1 hash

They follow predictable patterns - names, dates, logical sequences

They're reused - one breach compromises all your accounts

Create a new password or test the strength of an existing one.

Number of words:
Strength:

🔒 Your password is generated locally in your browser. Nothing is sent to our servers.

Why words instead of characters?

Password security is measured by the number of possible combinations, not how it looks. 5 random French words from a pool of 5,898 represent 7.1 × 10¹⁸ combinations - over 23 million years to crack (bcrypt), while remaining memorable.

x7$kQ!9m

Hard to remember

vs

Plume-Jardin-Corail-Forge-Sapin

Harder to crack + easier to remember
Method Possible combinations Crack time*
8 characters 95⁸ = 6.6 × 10¹⁵ 21,000 years
12 characters 95¹² = 5.4 × 10²³ 1.7 trillion years
4 words 5,898⁴ = 1.2 × 10¹⁵ 3,800 years
5 words 5,898⁵ = 7.1 × 10¹⁸ 23 million years

* These numbers assume the best-case scenario for the attacker: they know our exact method (the 5,898-word list, the number of words, the character set). This is Kerckhoffs's principle, the golden rule of cryptography: never rely on secrecy of the method, only on the randomness of the draw. Attack speed: 10,000 attempts/second (bcrypt/Argon2, stolen hash).

LegaKeep uses 5,898 common French words from Lexique 3.83, an academic corpus. Words you know, easy to remember, impossible to guess.

Learn more: Why words make a better password →

A strong password isn't enough

One unique password per service - a breach should only compromise one account

A password manager so you don't have to remember everything

Never share a password by email or message - if someone asks for it, it's a scam

You just created a strong password.
Where will you store it?

LegaKeep protects your documents and passwords with zero-knowledge encryption. Even our servers cannot read them.

Protect my documents for free →

Frequently asked questions

Is the generator really free?
Yes, with no usage limits and no account required. The generator runs entirely in your browser.
Is my password sent to your servers?
No. Neither generation nor testing transmits anything. Everything happens locally on your device.
What is a word string?
A word string is a password made of several random words. For example, Plume-Jardin-Corail-Forge. It's easier to remember than a string of characters and just as resistant - or more so.
Why words instead of random characters?
Password security depends on the number of possible combinations, not apparent complexity. Four French words chosen at random from 5,898 produce billions of combinations - as many as a string of special characters, but much easier to remember. This is the same principle as Diceware, used by cybersecurity experts.