Default policy: validate_password MEDIUM — servers may be configured stricter. · Entropy ~97 bits
A database password is the one secret you should never type into a random website — most online generators produce the password on their server, or at least could. This one is different by construction: the password is generated by your own browser with the cryptographically secure crypto.getRandomValues API, validated locally, and never transmitted anywhere.
It also knows what databases actually demand. Pick MySQL, PostgreSQL, SQL Server, or MongoDB and every generated password satisfies that engine's default policy — and the checker shows rule-by-rule why any password passes or fails. The connection-string safe mode avoids the characters (@ : / ? # and friends) that silently break Mongo URIs, SQL Server connection strings, and shell exports.
Generation and validation run entirely in your browser tab. No password, generated or pasted, is ever sent, stored, or logged anywhere — turn off your network and the tool keeps working.
The engine defaults: MySQL's validate_password MEDIUM level, PostgreSQL's passwordcheck module, SQL Server's Windows CHECK_POLICY complexity, and MongoDB Atlas's minimum length plus URI-safe characters. Deployments can be configured stricter — the tool tells you which baseline it is checking.
Characters like @ : / ? # [ ] have structural meaning in connection URIs, and ; or quotes break key-value connection strings and shell commands. They are legal in passwords but must be escaped everywhere they are used — the safe mode simply avoids them so the password works pasted anywhere.
They are drawn uniformly (rejection sampling, no modulo bias) from your browser's cryptographic random source, with the entropy shown in bits: a 16-character password from the full character set carries roughly 100 bits — far beyond any practical guessing attack.