Use this free password generator to create a strong & secure random password that is only known to you. Random password generator online.
Quick navigation:
- How to generate a random password?
- Why do I need a strong password?
- Tips for creating strong passwords
- Password length
- Symbols used
- Other tips
- Strong passwords you can remember?
How to generate a random password?
Using this password generator you can create a very strong, random password with a simple click on the "Generate Password" button. It uses strong cryptographic algorithms to generate random numbers, which are then matched to symbols based on your preferences and the result is a randomly generated password.
The thus generated password is only visible to you and a new one will be created each time you press the button and the page reloads. Our server does not store any of the passwords it generates for you so once you close this page only you will know that it ever existed!
To prevent anyone from potentially sniffing your network traffic and learning your newly created password, the generator uses a secure transfer protocol - HTTPS, or more precisely encryption & authentication with TLS 1.2 (a strong protocol), ECDHE_RSA with P-256 (a strong key exchange), and AES_128_GCM (a strong cipher). You can verify that in your browser, like so:
Some websites and other software only allow certain symbols in passwords, while others require the presence of symbols of a particular type to ensure a minimum password strength. To generate a password that meets these requirements you can use the controls to include (or not include) numbers (0..9), capital letters ( A..Z ), symbols ( !@#$%&*?^ ), and potentially ambiguous characters ( ({}[]()/'"`~,;:.<>)\ ). Small letters ( a..z ) are included by default.
Why do I need a strong password?
There are two scenarios in which having a strong password help. In the first one a malicious entity ("attacker"), may want try to gain access to your laptop or PC, online banking, e-mail, online storage, social media accounts, etc. by trying to guess your password. Usually this is done with automated tools that try to log in many times per minute or per second. Both laptops and PCs, and a lot of websites have measures in place designed to slow down such attempts, but they are still viable in many cases. The stronger the password you produce using the random password generator, the more attempts will be needed to guess it (on average, one might just be extremely lucky and guess it from the first try!) thus the more time it will be required. A strong enough password should make it so that the average time to break it would be measured in years of dedicated computing power.
The second scenario is when a data breach happens. That is, when a company's security is overcome and as a result an attacker now has your password, alongside those of many other victims. Any respectable modern website does not store passwords in plain text, instead, they are stored using cryptographic algorithms. Well protected sites use so-called hashing algorithms, like MD5 (old), SHA1, SHA256, SHA512 and so on, which are one-way algorithms, meaning that the website can tell if you have entered your secret string correctly without storing what it actually is (genius, isn't it!). In this scenario the hacker now has your password hash and the only limit on how fast he tries to guess it is the number of tries he can do per second. A fast machine (fast GPU especially) can do billions of attempts per second and these can further be improved by dictionary attacks.
The classic definition of a dictionary attack is attempting each word in a dictionary, say the English language dictionary, instead of just randomly generated series of letters. A dictionary can comprise of passwords learned from previous breaches, or specially crafted strings using a rule that is supposed to improve the guessing speed. The best way to protect against dictionary attacks is to not use meaningful words, so a random password generator like ours is of great use.
In all the above cases the rate at which an attacker can make login attempts to the system combined with the number of possible passwords determines the likelihood of success. While you don't usually have control over the attempt rate, you do have complete control over the strength of your password so increasing it decreases the odds that you become a victim of stolen identity.
Tips for creating strong passwords
By using this generator of strong passwords you are already on the right track to getting yourself a secure password. Here we offer additional tips that will help.
Password length
Password length is the most important factor for a strong password, which is due to how combinatorics work. Using our permutations calculator you can see that a password with 4 symbols, using only small letters can be one of 456,976 possible permutations. This will take less than a second to guess by brute force (trying every possible combination). Adding just one more symbol, the possible permutations are now 11,881,376 - much, much better, though still not great. Now add 5 more symbols, so your password becomes 10 characters long. The possible combinations with just small letters for such a password are the impressive 95,428,956,661,682,176. Even computers take time when they need to perform so many calculations.
So, as you can see, the simplest way to improve the security of your account is to add one (or several) more characters to your secret. 16 characters is a good length, though passwords with lengths between 12 and 16 characters should be sufficient in most cases. Our generator supports very long passwords.
Symbols used
Let's return to our 4-letter password example that had under 500,000 possible variants and let's add capital letters and numbers into the mix, making the total unique symbols 62 (26 x 2 + 10). Now the possible permutations are 14,776,336 which is 32 times better. So, in general, expanding the set of characters you use results in increased password security. It also makes it less likely for dictionary attacks to succeed. This password generator supports all latin letters (lower and upper case), all numbers, as well as 29 special characters.
Other tips
If you decide to forgo random password generation and want to come up with the password yourself, avoid character repetition, keyboard patterns, dictionary words, letter of number sequences like "1234" and "bcdef". To prevent guessing the password through social cues and other available information, avoid relative or pet names, romantic partner names, dates of birth, anniversaries, phone numbers, etc. Generally, any information that might be known to colleagues or acquaintances should be avoided, as well as information that might become public in some point in the future.
Strong passwords you can remember?
Some recommend stringing together words from a phrase, like brownthreesarethecoolest and then intermixing them and switching up numbers for some of the letters, e.g. br0wn^threes.are^the.c00lest!. This password is 30 characters long so if it were randomly generated it would be absolutely unassailable, but a clever dictionary attack can vastly reduce the time it takes to break it. It is therefore not supported in this strong password generator, but you can use this approach at your own (unknown) risk.
Password security tips
These are some basic tips that apply to all kinds of passwords and secrets that need to be kept as such. Randomly generated using a secure password generator or not, if you fail to observe these you increase your security risk significantly.
- Do not share your passwords with anyone.
- If possible, remember and do not store your passwords.
- If you do store them, do so in a place and way that makes them inaccessible to others. E.g. putting them on a sheet of paper near your monitor or in your desk drawer is a security risk.
- Avoid using the same password in more than one service or device. An attacker gaining access to one of them, might allow them to gain further access with minimal effort. Generate a new random password for each separate use-case.
- If you use a secure password storage software, check that it is from a reputable vendor and that it was tested for security. Some breaches notoriously happen due to poorly written password storage software (browser plugins, mobile apps, desktop apps, etc.).
- Do not log in to your accounts from unsecure systems. Other people might be much less tech-savvy and risk-aware than you. Public Wi-Fi can also be a security risk.
- Do not store critical passwords on the cloud.
- Be aware of hidden (or obvious!) cameras if entering passwords in locations you do not control. No matter how fast you enter them, if it is on video, it can be slowed down and easily revealed.
As with anything else, security in password generation is a compromise - in this case between convenience and risk. Too risk averse and it takes you 10 minutes to log in to your laptop or e-mail. Too lazy and your personal info might end up on the internet for everyone to see and your bank account and credit cards might be emptied by unscrupulous criminals. Generating a strong random password is a good step towards securing our online presence, but it should be a part of an overall approach to securing your assets and identity. In this sense using this tool to generate strong secure passwords is only one piece of the security puzzle.
