The majority of hacking related breaches occur from weak and stolen passwords. Having secure passwords is extremely important to safeguard your digital life. Padlock is a password generator that helps you do just that, featuring multiple cryptopgrahically secure random generators which you can choose from for both secure passphrases and passwords. The passwords generated with this app under optimum settings are impossible to cack. You can also use it to check the strength of your existing passwords and how long on average it would take a hacker to crack. The tool runs locally in your web browser and no information is ever sent to any servers. This project is open source on Github under the permissive MIT license.

Which generator should I use?

• Random String Method: This is the most random generator that is available in the app. It generates a completely random string based on the checkboxes and length based on the slider. This is usually extremely strong, however they are not so easy to remember. Consider using this method if you have a password manager.
• Pseudoword Method: A method that attempts to generate pronouncable and easy to read passwords. These features make it much more easier to remember than Random String Method. It is also generated based on the length of the slider but may not be guaranteed to always produce a result that is pronouncable. It is recommended that you generate multiple passwords and decide what sounds the best.
• Passphrase Method: A passphrase generator based on the XKCD comic. It uses words from the English dictionary and therefore is easy to remember with the added benefit of having more bits of entropy making it extremely hard to crack. However, not all websites and apps allow passwords that are this long. So passphrases are better suited for encrypting files, drives, etc..
• Pseudoword + Passphrase Method: This method generates passphrases that consists of pseudowords (pronouncable yet not actual words). This makes it extremely secure than regular word passphrases as these words are not in any dictionary and therefore much more harder to guess. If you wish to secure extremely valuable assets such as drives and wallets, munged pseudoword passphrases are the way to go.

Best practices.

• The best way to use the generated passwords is to modify them in ways known only to you. Eg: make some letters capital, add symbols and numbers, or even combine two generated passwords.
• Never reuse passwords. Generate fresh new ones for each need and store them in a password manager or an encrypted file.
• Use multi-factor authentication methods whenever available. Using a password alone is not the safest of methods these days. Multi-factor authentication like email or message auth, biometrics, etc... makes it almost or truly impossible for an attacker to gain access to the account.
• Don't use any personally identifiable information in your passwords. Although they may be easier to remember, they could also be found online making it very easy to guess.
• Rotate passwords often. Keeping the same password for long periods of time gives attackers more time to guess or crack it.