FastTools

Security & Authentication

Generate passwords, JWTs, UUIDs, and manage authentication utilities

6 tools

Tools in This Collection

Password Generator

Generate strong random passwords with custom length, character sets, and bulk generation

JWT Decoder

Decode JWT tokens instantly to view header, payload, and expiration without requiring the secret

JWT Generator

Generate and sign JWT tokens with HS256/384/512 algorithms and custom claims for testing

UUID Generator

Generate random UUID v4 and time-ordered UUID v7 in bulk with multiple format options

Privacy Policy Generator

Generate a GDPR and CCPA-compliant privacy policy for any website in minutes

IP Subnet Calculator

Calculate IPv4 subnet details from CIDR notation: network address, broadcast, host range

Guides & Articles

JWT Authentication Best Practices: Access Tokens, Refresh Tokens, and Claims Password Security: Why Complexity Rules Fail and What Works Instead

Security and Authentication Workflow

Authentication and security configuration are areas where mistakes have significant consequences. These tools support the most common security-related development tasks: generating credentials, debugging authentication tokens, and understanding network addressing.

Password Generation and Security

Secure password generation requires true randomness (cryptographic PRNG, not Math.random()), sufficient length, and an appropriate character set. The Password Generator uses the Web Crypto API for cryptographic randomness and lets you configure length (12-64 characters), character sets (uppercase, lowercase, numbers, symbols), and bulk generation for seeding databases or test environments.

JWT Debugging and Generation

JWTs are used in nearly every modern authentication system. The three-part structure (header.payload.signature) encodes the token type, algorithm, claims, and cryptographic signature. The JWT Decoder shows the decoded header and payload of any token — useful for inspecting expiration, user ID, role claims, or other metadata during debugging. The JWT Generator creates signed test tokens with custom payloads, which is valuable when testing APIs that require authenticated requests without a full auth flow running.

UUID Usage Patterns

UUIDs (Universally Unique Identifiers) are used as primary keys in distributed databases, entity identifiers in APIs, and idempotency keys in payment flows. UUID v4 is randomly generated (122 bits of randomness). UUID v7 is time-ordered (sorts chronologically), which improves database index performance. The UUID Generator supports both versions with bulk generation for test data seeding.

Network and Infrastructure Security

IP subnet calculation is essential for network planning, security group rules in AWS/GCP/Azure, and firewall configurations. A CIDR block like 10.0.0.0/24 defines a range of 256 addresses. The IP Subnet Calculator shows the network address, broadcast address, first/last usable host, total hosts, and wildcard mask for any CIDR block.

Frequently Asked Questions

Is it safe to paste a JWT token into the decoder?

The JWT Decoder only decodes the base64url-encoded header and payload — it never needs the secret key and doesn't verify the signature. Everything runs locally in your browser with no server requests. JWTs are designed to be readable without the secret (that's why they're base64 encoded, not encrypted). For production tokens, using a local tool is safer than public decoders.

What length should generated passwords be?

NIST SP 800-63B recommends a minimum of 15 characters for user-created passwords, but for machine-generated passwords (API keys, service accounts), 32+ characters is standard. At 20+ characters using mixed case + numbers + symbols, brute-force cracking becomes computationally infeasible even with dedicated hardware. The Password Generator defaults to 20 characters.

When should I use UUID v4 vs UUID v7?

Use UUID v4 when you need complete randomness and don't care about sort order (most cases). Use UUID v7 when the UUID will be used as a database primary key — v7 UUIDs are time-ordered (monotonically increasing), which means they insert at the end of a B-tree index rather than causing random index page splits. This significantly improves write performance at scale.

What is a CIDR block and how do I calculate subnet size?

CIDR (Classless Inter-Domain Routing) notation expresses an IP range as a base address and prefix length. The prefix length (/24, /16, etc.) determines how many addresses are in the range. /24 = 256 addresses (254 usable hosts). /16 = 65,536 addresses. /8 = 16.7 million addresses. The IP Subnet Calculator shows exact counts and the full address range for any CIDR block.

What algorithm should I use for JWT signatures?

HS256 (HMAC-SHA256) is appropriate when only one party needs to verify tokens (e.g., your own API verifying tokens it issued). RS256 (RSA-SHA256) is better when multiple services need to verify tokens independently — each service can hold only the public key, with the private key secured in one place. Avoid 'none' algorithm entirely — many JWT vulnerabilities involve algorithm confusion attacks.