Random password generator

Length of password in words:
Entropy: __ bits

This page will randomly generate a password consisting of common English words. It was inspired by xkcd 936. The randomness source is window.crypto.getRandomValues.

How do I know it's safe to use this page to generate passwords?

If you can read JavaScript, it is recommended that you read the source code (it's only 33 lines of JavaScript). This page is a self-contained HTML file with no external dependencies and is purposely minimalistic, so that it can easily be saved locally and audited.

I generated 15 passwords (of 4 words each), and I saw the same word "foo" generated twice. Is this normal?

Yes. Based on the birthday paradox, if you randomly pick 60 words from a set of 2500 words (with replacement), the probability of seeing a word repeated is approximately:
1 - exp(-60*(60-1)/(2*2500)) = 51%

How strong should my password be?

It depends on your threat model. Examples:

Word list: