DEV Community

David
David

Posted on

Building a Client-Side Password Generator — Zero Server, Zero Tracking

#javascript #tutorial #security #webdev

I recently shipped password-generator.co — a password generator that runs entirely in your browser. No server, no tracking, no accounts.

Here's the approach and why it matters.

The Problem

Most online password generators have a trust problem. You're generating a password — literally one of the most sensitive strings you'll ever create — and sending it to (or generating it on) someone else's server.

Even if the server doesn't log anything, you have no way to verify that.

The Solution: Pure Client-Side

password-generator.co generates everything in the browser using the Web Crypto API:

// Cryptographically secure random values
const array = new Uint32Array(length);
crypto.getRandomValues(array);
Enter fullscreen mode Exit fullscreen mode

crypto.getRandomValues() uses the operating system's cryptographic random number generator (CSPRNG). This is the same entropy source used by production encryption software.

Zero Network Requests

During password generation, the site makes exactly zero network requests. You can verify this yourself:

  1. Open DevTools → Network tab
  2. Generate a password
  3. Watch nothing happen

In fact, after the initial page load, you can disconnect from the internet entirely and the generator keeps working. It's a static site.

Features

  • Customizable length — 8 to 128 characters
  • Character set toggles — Uppercase, lowercase, numbers, symbols
  • Strength indicator — Visual feedback on password strength
  • One-click copy — Copies to clipboard instantly
  • Bulk generation — Generate up to 50 passwords at once
  • Mobile friendly — Works on any device

Security Tips While I Have Your Attention

A strong password generator is step one. Here's the full stack:

  1. Use a password manager — Bitwarden, 1Password, or KeePass
  2. Unique password per account — This is where most people fail
  3. 16+ characters minimum — Length beats complexity
  4. Enable 2FA everywhere — TOTP apps > SMS

Step 2 is where most people give up because remembering unique passwords is impossible without a manager. That's the real bottleneck.

What's Next

  • Passphrase generation — Diceware-style word combinations (e.g., correct-horse-battery-staple)
  • Entropy display — Show bits of entropy for generated passwords
  • PWA support — Install it as an app for offline access

The tool is free and will stay free: password-generator.co

It's part of a suite of 11 free developer tools I've built — all client-side, all no-signup.

Feedback and feature requests welcome. What would make this more useful for your workflow?

Top comments (0)