Free Security Tools

100% client-side · nothing leaves your browser

Free security tools.

Small utilities for the everyday security work — rotating a password, sharing a credential safely, generating a strong passphrase. Everything runs in your browser, and I'm adding more over time.

How this works: the password, passphrase, and secret-message tools are pure HTML / CSS / JavaScript — nothing you type leaves your browser. The IP lookup below is the one exception: it calls api.ipify.org once so you can see the public address your browser presents.

Your public IP copied

Password Generator

Cryptographically random passwords via crypto.getRandomValues(). Defaults follow NIST 800-63B guidance for high-entropy machine-generated secrets.

Length

A–Z a–z 0–9 Symbols (!@#…) Avoid ambiguous (0/O, 1/l/I)

Estimated entropy: — bits copied

Passphrase Generator

Diceware-style passphrases — random words joined by a separator. Easier to type and remember; very strong with 4+ words.

Word count

Separator

Capitalize Append a digit

Approx. entropy: — bits copied

Secret Message (Token Link)

Send a credential or short message as a self-contained link. AES-GCM encrypts the payload in your browser; the key lives in the URL fragment (the part after #), which never reaches the server. The recipient opens the link, the page decrypts client-side, and the plaintext is wiped from memory after viewing.

Demo mode. This page encodes the full ciphertext into the URL itself, so no backend is needed for the Conduiv site. A production deployment would POST the ciphertext to a server (Cloudflare KV / Workers) keyed by an ID; the decryption key would still live only in the URL fragment, and the record would burn after first view.

Message to encrypt

Expiration (informational)

copied

Decrypt a Conduiv secret link

Need another tool? Tell me what would actually be useful — I keep a list.