WPRobo Password Generator
Strong passwords and passphrases, generated locally in your browser โ with one-click auto-fill and an encrypted on-device vault.
- Version: 1.1.0
- Manifest: V3
- License: MIT
- Price: Free
- Updated: June 24, 2026
What it does
Cryptographically secure
Uses the Web Crypto API (crypto.getRandomValues), never Math.random().
Passwords and passphrases
Adjustable length (6โ64 characters) or word-based passphrases (2โ8 words).
Fine-grained control
Toggle uppercase, lowercase, digits, symbols; exclude custom characters; avoid ambiguous or repeating characters.
Live strength meter
Entropy estimate and strength rating update as you adjust settings.
One-click auto-fill
Inject the generated password into the active tab's password field โ only when you ask it to.
Encrypted vault
Save passwords per-site and keep history of the last 20 generated passwords, all AES-GCM (256-bit) encrypted on your device.
Light and dark mode
Bundled fonts and icons for fully offline use.
Free and open source
Released under the MIT License. No paid tier, no upsell, no account required.
See it in action
Click any screenshot to view full size.
How to use it
- 1 Click the WPRobo Password Generator icon in your Chrome toolbar.
- 2 Choose password or passphrase mode and adjust length and character options.
- 3 Copy the password, or click Fill password on this tab to drop it straight into the focused login field.
- 4 Optionally save it for the current site, or review recently generated passwords in your history.
What it asks for, and why
Every Chrome permission this extension requests, with a plain-English reason. The same disclosure goes to the Chrome Web Store reviewers.
activeTab
Reads the domain/title of the tab you are currently on โ only when you open the popup โ so it can label saved passwords by site and offer to fill the current page.
scripting
Injects the generated password into the password field of the active tab when you click Fill. Runs only on the active tab and only on your action.
storage
Saves your theme preference, recent password history, and per-site saved passwords locally via chrome.storage.local.
The extension does not request host permissions and does not run a content script on every page. It only acts on a tab when you explicitly trigger it from the popup.
What gets stored on your device
| Data | Where | Leaves your device? |
|---|---|---|
| Generated password history (last 20 entries) | chrome.storage.local, AES-GCM encrypted | No |
| Passwords saved per-domain ("Save for this device") | chrome.storage.local, AES-GCM encrypted | No |
| The encryption key used above | Browser's IndexedDB, as a non-extractable WebCrypto key | No |
| Theme preference (light/dark) | chrome.storage.local, plain value | No |
| Domain name of the active tab | Read only in memory, to label saved entries and show the fill banner | No |
Encryption
Saved passwords and password history are encrypted with AES-GCM (256-bit) before they are written to disk. The encryption key is generated once per installation, stored as a non-extractable CryptoKey in IndexedDB (its raw bytes can never be read back out by any code, including the extension’s own), and used only to encrypt and decrypt data on this device.
This protects saved passwords from casual inspection of browser storage; it is not a substitute for a dedicated password manager with a master password, and does not protect against malware with full access to your browser profile.
Third parties
None. The extension bundles its own fonts and icons; it does not load anything from a CDN or third-party server, and includes no advertising, analytics, or tracking libraries.
Try WPRobo Password Generator โ free, forever.
No sign-up, no account, no tracking. Install in one click.
Add to ChromeWPRobo Password Generator โ Privacy Policy
Last updated: June 23, 2026
WPRobo Password Generator (“the extension”, “we”, “us”) is a Chrome extension that generates strong passwords and passphrases, fills them into login forms, and optionally remembers them on your own device. This policy explains what data the extension touches and โ just as importantly โ what it does not.
Summary
- No data ever leaves your device. The extension makes no network requests of any kind. There is no backend server, no analytics, and no third-party SDK.
- No data is collected, sold, or shared. We, the developer, have no access to anything you generate, save, or type into the extension.
- Everything is stored locally, using Chrome’s built-in
chrome.storage.localAPI and the browser’s IndexedDB โ never synced to a remote service by this extension.
What the extension does
- Generates passwords and passphrases entirely within your browser, using the Web Crypto API’s cryptographically secure random number generator (
crypto.getRandomValues) โ neverMath.random(). - Lets you fill a generated password directly into the active tab’s login form, using Chrome’s
scriptingAPI together with theactiveTabpermission. This only runs on the tab you are actively viewing, only when you click the fill button, and the extension cannot see or act on any other open tab. - Optionally saves a password for a specific site (“Save for this device”) and keeps a short history of recently generated passwords, both stored only on your device.
What is stored, and where
| Data | Where | Leaves your device? |
|---|---|---|
| Generated password history (last 20 entries) | chrome.storage.local, AES-GCM encrypted |
No |
| Passwords saved per-domain (“Save for this device”) | chrome.storage.local, AES-GCM encrypted |
No |
| The encryption key used above | Browser’s IndexedDB, as a non-extractable WebCrypto key | No |
| Theme preference (light/dark) | chrome.storage.local, plain value |
No |
| Domain name of the active tab | Read only in memory, to label saved entries and show the “fill” banner | No |
chrome.storage.local and IndexedDB are local-only storage areas provided by the browser. Nothing here is synced to a Google account, backed up to a server we control, or visible to us in any way. If you remove the extension, this data is deleted by Chrome along with it.
Encryption details
Saved passwords and password history are encrypted with AES-GCM (256-bit) before they are written to disk. The encryption key is generated once per installation, stored as a non-extractable CryptoKey in IndexedDB (its raw bytes can never be read back out by any code, including the extension’s own), and used only to encrypt and decrypt data on this device. This protects saved passwords from casual inspection of browser storage; it is not a substitute for a dedicated password manager with a master password, and does not protect against malware with full access to your browser profile.
Third parties
None. The extension bundles its own fonts and icons; it does not load anything from a CDN or third-party server, and includes no advertising, analytics, or tracking libraries.
Children’s privacy
The extension does not knowingly collect any information from anyone, including children, because it does not collect or transmit information at all.
Changes to this policy
If this extension’s data practices ever change, this document will be updated and the version published with the extension on the Chrome Web Store will reflect the current policy at the time of that release.