A few months ago I got frustrated. Every password tool online
was either paid, required sign-up, or shady about privacy.
So I built my own.
Password Giant is a free, fully client-side password toolkit.
Everything runs in your browser. Nothing ever touches a server.
It includes a strength checker, password generator, weak password
detector, common password checker, and entropy calculator.
Here is what I learned building it.
Most password advice is incomplete. "Use uppercase, lowercase,
numbers and symbols" sounds right — but P@ssw0rd1 follows all
those rules and gets cracked in 3 hours. What actually matters
is entropy, length, and uniqueness.
The biggest mistake people make is optimizing password format
instead of password habits. A randomly generated 16-character
password stored in a password manager beats any clever password
you manually create — every time.
Passphrases are also seriously underrated. correct-horse-battery-staple
has higher entropy than most random-looking passwords and is actually
memorable. NIST officially recommends them now.
And the most important thing I learned — reused passwords are more
dangerous than weak ones. One breach exposes every account using that same password.
If you want to test your passwords or generate new ones, everything
is free at passwordgiant.com — no account needed, works entirely
in your browser.
What password strategy do you use? Would love to hear from the dev community.
More...
was either paid, required sign-up, or shady about privacy.
So I built my own.
Password Giant is a free, fully client-side password toolkit.
Everything runs in your browser. Nothing ever touches a server.
It includes a strength checker, password generator, weak password
detector, common password checker, and entropy calculator.
Here is what I learned building it.
Most password advice is incomplete. "Use uppercase, lowercase,
numbers and symbols" sounds right — but P@ssw0rd1 follows all
those rules and gets cracked in 3 hours. What actually matters
is entropy, length, and uniqueness.
The biggest mistake people make is optimizing password format
instead of password habits. A randomly generated 16-character
password stored in a password manager beats any clever password
you manually create — every time.
Passphrases are also seriously underrated. correct-horse-battery-staple
has higher entropy than most random-looking passwords and is actually
memorable. NIST officially recommends them now.
And the most important thing I learned — reused passwords are more
dangerous than weak ones. One breach exposes every account using that same password.
If you want to test your passwords or generate new ones, everything
is free at passwordgiant.com — no account needed, works entirely
in your browser.
What password strategy do you use? Would love to hear from the dev community.
More...