
              curl -s 'https://api.whittly.dev/v1/password?length=20&upper=true&lower=true&digits=true&symbols=true&count=5' \
  -H 'Authorization: Bearer $WHITTLY_API_KEY'


              const res = await fetch(
  'https://api.whittly.dev/v1/password?length=20&upper=true&lower=true&digits=true&symbols=true&count=5',
  { headers: { Authorization: 'Bearer ' + apiKey } }
);
const data = await res.json();


              const { data } = await axios.get(
  'https://api.whittly.dev/v1/password?length=20&upper=true&lower=true&digits=true&symbols=true&count=5',
  { headers: { Authorization: 'Bearer ' + apiKey } }
);

// proteam password policiespro·history syncproupgrade →

// about this tool

A strong password is long, random, and uses a diverse character set. This generator uses the browser's cryptographically secure random number generator (crypto.getRandomValues) to produce passwords that cannot be predicted even if an attacker knows the algorithm.

// when to use

Generate a new password for a service that requires one
Create an API key or secret token
Generate a temporary password to share with a new user
Create a passphrase for a key file or database

// faq

How is the entropy score calculated?

Entropy (in bits) = log2(charset_size) × password_length. A 16-character password using all character types (~94 chars) has around 105 bits of entropy — effectively uncrackable with current hardware.

Is the generated password sent anywhere?

No. Passwords are generated using crypto.getRandomValues in your browser. Nothing is sent to any server. The source code is open for inspection on GitHub.

// related tools

// about this tool

// when to use

// faq