🔐 pass.bmiio.us

It uses your browser's built-in crypto API (window.crypto.getRandomValues) — the same cryptographic standard used by banks and security apps. All generation happens locally in your browser; nothing is sent over the internet.

A strong password is long (16+ characters), uses a mix of uppercase, lowercase, numbers, and symbols, and contains no dictionary words or personal information. Each additional character exponentially increases cracking time.

For most accounts, 12-16 characters is adequate. For critical accounts (email, banking), use 20+ characters. Every extra character multiplies the time needed to crack it by 20-90x depending on the character set.

Yes — toggle the "Symbols" option. Symbols like !@#$%^&*() add significant complexity. However, some websites restrict certain symbols; you can uncheck this if needed.

Yes, this generator runs entirely in your browser (client-side JavaScript). No passwords are stored, transmitted, or logged. The CSPRNG (cryptographically secure pseudo-random number generator) ensures true randomness.