Security tools

Twelve cryptographically secure generators for passwords, tokens, keys, secrets and JWTs. Every byte comes from your browser's CSPRNG — nothing is uploaded, nothing is logged, your secrets never leave the device.

12 tools
Passphrase generator
Memorable, multi-language passphrases (English, Hindi, Spanish, French, German, Italian). Diceware-style, with entropy estimate, capitalisation and number/symbol toggles.
PIN code generator
Bulk 4–12 digit PINs with sequence / repeat / date-pattern filters. Optional dashed or spaced format. Avoid 0000 / 1234 / DOB-style patterns.
API key generator
Customizable length, character set and prefix (sk_live_, pk_test_, ak_). Optional key/secret pairs for OAuth-style flows.
API token generator
High-entropy tokens with custom symbol set, ambiguity-aware filtering, and per-token entropy display. Up to 128-char tokens.
Bearer token
OAuth 2.0-style bearer tokens. Hex, Base64, Base64-URL or alphanumeric encoding. Optional Bearer prefix and ready-to-paste curl snippet.
JWT generator
Real signed JWTs (HS256 / HS384 / HS512) with custom claims, expiration, and a decoded preview. Verifiable on jwt.io with the same secret.
OAuth tokens
RFC 6749 token responses — access + refresh + ID tokens. Drop-in for mock /token endpoints during integration testing.
Webhook secret
HMAC-SHA256 / SHA1 / SHA512 secrets sized correctly for the algorithm. Live HMAC tester so you can verify signatures without leaving the page.
Laravel APP_KEY
AES-256-CBC compatible base64:-encoded keys. Drop-in replacement for php artisan key:generate.
Yes or No
Cryptographically fair coin flip. Animated reveal, custom labels, running stats. Perfect for tie-breakers and decisions.
Secret Santa
Random gift-exchange pairings with exclusion rules (couples, family). Hidden reveal cards or printable folded slips.
Name picker
Pick winners from a list with cryptographically secure draws. Single or multiple, with or without replacement, animated spin and history.

About the security category

Every tool in this category uses crypto.getRandomValues() — the browser's cryptographically secure pseudo-random number generator (CSPRNG) backed by the operating system's entropy pool. With rejection sampling for uniform distributions, the output is suitable for production secrets, not just toys.

Nothing is sent to a server. Open DevTools → Network and watch for yourself: the only outbound requests are static asset loads. Treat anything you generate here as live — don't paste it into a chat, don't screenshot it, don't email it to yourself in plaintext. Use a password manager.
