Password generator

Cryptographic randomness · Everything runs in your browser · No trackers

Create strong passwords and passphrases

Uses cryptographic randomness (not Math.random). Your preferences are stored locally.

— bits

Length 16

A-Z Uppercase a-z Lowercase 0-9 Digits !@# Symbols

Exclude ambiguous characters (0/O · 1/l/I · |/¦ · 5/S · 8/B · ` /')

Number of words 5

Separator

Capitalise words Append digit at the end

So where do I store all these passwords?

Create your encrypted vault for free: every password is wrapped with AES-256 derived from your PIN. No trackers, no ads.

Create free vault

What people say

They trust us to protect their day-to-day.

After years using 1Password I switched to Medel Vault and I don't miss anything. Zero-knowledge encryption gives me the peace of mind I need, and the interface is much cleaner.

María González UX Designer, Freelance

The password generator and anti-HIBP scan are just what my team needed. I recommend it to all devs.

Carlos Ruiz CTO, Stackmint

Finally a manager I understand. The 4-digit PIN makes opening the vault a snap and the emergency contacts give me peace of mind.

Lucía Pérez Journalist

Frequently asked questions

What you keep asking us.

How do I start using Medel Vault?

Sign in with Google, Apple, or an email code and create a 4-digit PIN. That PIN encrypts your data: no one else, not even us, can decrypt it without it. After creating it you will receive a recovery code that you must save in a safe place.

What encryption does Medel Vault use?

Your vault key is derived from the PIN with PBKDF2-SHA256 at 200,000 iterations and encrypts each item with AES-256 (envelope encryption per item). Session cookies use AES-256-GCM and the PIN is hashed with bcrypt cost 11. It's zero-knowledge: if our server went down tomorrow, the data in the database would still be noise without your PIN.

What happens if I forget my PIN?

You have two ways: (1) use the recovery code that you saved when creating the PIN — it unlocks the vault and lets you create a new PIN without losing data. (2) Request a reset from the PIN screen; You will receive an email with a link that delete your encrypted data. This is what makes encryption truly secure: not even we can recover them without your PIN or code.

What can I keep in my vault?

Five types of secrets, all encrypted with the same vault key: passwords (with icon and autocomplete), 2FA codes (TOTP), cards (number, expiration, CVC, holder), bank accounts (IBAN, ID, branch) and notes and files (rich text and sensitive documents such as PDFs or photos of the ID).

Does it replace Google Authenticator?

Yes. You scan the QR of any service and save the TOTP secret in your vault. The app generates 6-digit codes every 30 seconds, and when you change your phone you do not lose anything — just enter and see your codes again.

What are emergency contacts?

Up to 5 trusted people whom you authorize to request access to your vault. When you request it, a configurable wait begins (by default 7 days) during which you receive notifications and can deny it. If you do not respond, the contact agrees at the end of the period. Designed for when something happens to you — not for day-to-day shared use.

Does it notify me if one of my passwords is leaked?

Yes. We cross-check your passwords against public leak databases (HIBP) without ever sending the password in the clear — we use the k-anonymity model. If any appear, we will notify you by email so you can change it. In the Pro plan, the checks are in real time.

How much does it cost?

You start free, without a card — includes 50 items, 5 MB of files and 2 scans per month. Premium and Pro plans unlock unlimited vault, large archives, breach alerts, emergency contacts and unlimited scans. You can cancel whenever you want; It is not renewed without notice.