Security Tools
All Security Tools
Stay secure online — generate strong passwords, and decode any URL with AI to spot tracking parameters and suspicious links before you click.
Password Generator
Generate strong, secure passwords instantly.
URL Explainer
Decode UTM tags, affiliate IDs, tracking params, and flag suspicious URLs — AI explains every part.
About
Strong Passwords, Smarter Clicks
Weak passwords and unfamiliar links are behind the majority of account compromises. The Password Generator creates cryptographically secure random passwords using the browser's Web Crypto API — the same standard used by security professionals.
New: AI URL Explainer. Paste any URL and get a plain-English breakdown — what each query parameter does, what affiliate or tracking IDs are present, and whether the link shows signs of phishing (punycode lookalikes, embedded credentials, suspicious TLDs). Heuristics handle the obvious cases; Google Gemma explains anything unfamiliar.
Customise password length (8–128 characters), toggle uppercase, numbers, and symbols to meet any site's requirements. Generated passwords are never sent anywhere — they exist only in your browser.
Cryptographically Secure
Uses Web Crypto API (crypto.getRandomValues) — the gold standard for random generation.
AI URL Explainer
Paste any URL, get a plain-English breakdown. Decodes UTM tags, affiliate IDs, and flags suspicious links.
Fully Customisable
Set length from 8 to 128 characters. Toggle symbols, numbers, and uppercase.
Never Stored
Passwords are generated and shown in your browser only. Nothing is logged or sent.
Use Cases
When to Use These Security Tools
New Account Sign-Ups
Generate a unique strong password for each new account — banking, email, social media, and SaaS tools. Never reuse passwords across sites.
Password Manager Setup
Populate your password manager (1Password, Bitwarden, LastPass) with secure generated passwords for every existing account you're migrating.
API Keys & Secrets
Generate a random string to use as an API secret, webhook token, or session key. Choose max length and symbols for maximum entropy.
Meeting Corporate Policy
Many organisations require passwords of 16+ characters with mixed case, numbers, and symbols. Generate one that meets any complexity requirement instantly.
Replacing Compromised Passwords
If you receive a breach notification, generate a fresh unique password for the affected site immediately without reusing anything from your old pattern.
Shared Account Credentials
Create a strong shared password for team accounts or services — something no one will guess but that can be stored securely in a shared vault.
Suspicious Email Link Check
An email contains a link that looks slightly off — paste it into the URL Explainer to see the domain breakdown, hidden redirects, and any phishing-style signals before you click.
Affiliate & Tracking Audit
Curious whether a recommended link earns someone a commission, or whether your team's marketing UTM tags are filled correctly? The URL Explainer surfaces every parameter and its purpose.
Understand a Long Tracking URL
Marketing emails and ads often ship long URLs full of fbclid, gclid, utm_*, and other tags. The Explainer translates the entire query string into a one-line summary.
FAQ
Frequently Asked Questions
Very strong. We use Web Crypto API (crypto.getRandomValues) — the same cryptographic randomness standard used by security tools and professionals.
No. Passwords are created and displayed in your browser only. Nothing is transmitted, logged, or stored by us.
Yes — set length from 8 to 128 characters, and toggle uppercase, lowercase, numbers, and symbols to meet any site's password policy.
Minimum 12 characters for general accounts, 16+ for email and banking. The longer and more varied the characters, the more secure.
Yes. Reusing passwords means one breach exposes all your accounts. Use a password manager to store unique passwords for each site.
Yes. Generate a long random string with symbols for use as an API secret, webhook token, or session key. Choose max length for highest entropy.
It takes any URL you paste and breaks it down in plain English: domain structure, every query parameter (UTM tags, click IDs, affiliate codes), and any safety flags such as punycode lookalikes, missing HTTPS, embedded credentials, or URL shorteners that hide the destination. Local heuristics + Google Gemma cover the gaps.
Domain parsing, the known-parameter list (UTM, fbclid, gclid, etc.), and safety flags all run in your browser. The URL is only sent to Google Gemma when the AI is needed to identify unfamiliar parameters or write the plain-English summary. Avoid pasting URLs with private session tokens or one-time login codes.