How it works
Integers and password characters are sampled with rejection-sampled bytes from crypto.getRandomValues to avoid modulo bias. UUIDs use the browser-native crypto.randomUUID() when present.
FAQ
Is this cryptographically secure? Yes. We use crypto.getRandomValues (and crypto.randomUUID where available) — never Math.random. The browser's WebCrypto API guarantees the output is suitable for passwords, tokens, and UUIDs.
How long should my password be? In 2026, 16+ characters with mixed classes is the modern minimum for non-throwaway accounts. 20–24 with all character classes enabled is comfortable. For a primary email/banking account, 30+ is sensible (you'll store it in a password manager anyway).
What is a UUID v4 for? A UUIDv4 is a 128-bit random identifier in the canonical 8-4-4-4-12 hex format. Use it as a primary key, file identifier, request id, or anywhere you need a globally-unique value with negligible collision risk (collisions are ~2⁻⁶¹).