Random Password Generator

Use this generator to create a strong & secure random password that is only known to you.

Your Random Password

Password
Share calculator:

Put it on your site!
get code

How to generate a random password?

Using this password generator you can create a very strong, random password with a simple click on the "Generate Password" button. It uses strong cryptographical algorithms to generate random numbers, which are then matched to symbols based on your preferences and the result is a randomly generated password.

This password is only visible to you, and a new one will be generated each time you press the button and the page refreshes. Our server does not store any of the passwords generated for you, so once you close this page only you will know that it ever existed!

To prevent anyone from potentially sniffing your network traffic and learning your new password, we use a secure transfer protocol - HTTPS, or more precisely encryption & authentication with TLS 1.2 (a strong protocol), ECDHE_RSA with P-256 (a strong key exchange), and AES_128_GCM (a strong cipher). You can verify that in your browser, like so:

https secure connection

Some websites and other software only allow certain symbols in passwords, while others require the presence of symbols of a particular type to ensure a minimum password strength. To generate a password that meets these requirements you can use the controls to include (or not include) numbers (0..9), capital letters ( A..Z ), symbols ( !@#$%&*?^ ), and potentially ambiguous characters ( ({}[]()/'"`~,;:.<>)\ ). Small letters ( a..z ) are included by default.

Why do I need a strong random password?

There are two scenarios in which having a strong password help. In the first one a malicious entity ("attacker"), may want try to gain access to your laptop or PC, online banking, e-mail, online storage, social media accounts, etc. by trying to guess your password. Usually this is done with automated tools that try to log in many times per minute or per second. Both laptops and PCs, and a lot of websites have measures in place designed to slow down such attempts, but they are still viable in many cases. The stronger the password, the more attempts will be needed to guess it (on average, one might just be extremely lucky and guess it from the first try!) thus the more time it will be required. A strong enough password should make it so that the average time to break it would be measured in years of dedicated computing power.

The second scenario is when a data breach happens. That is, when a company's security is overcome and as a result an attacker now has your password, alongside those of many other victims. Any respectable modern website does not store passwords in plain text, instead, they are stored using cryptographic algorithms. Well protected sites use so-called hashing algorithms, like MD5 (old), SHA1, SHA256, SHA512 and so on, which are one-way algorithms, meaning that the website can tell if you have entered your password correctly without knowing your password (genius, isn't it!). In this scenario the hacker now has your password hash and the only limit on how fast he tries to guess it is the number of tries he can do per second. A fast machine (fast GPU especially) can do billions of attempts per second and these can further be improved by dictionary attacks.

The classic definition of a dictionary attack is attempting each word in a dictionary, say the English language dictionary, instead of just randomly generated series of letters. A dictionary can comprise of passwords learned from previous breaches, or specially crafted strings using a rule that is supposed to improve the guessing speed. The best way to protect against dictionary attacks is to not use meaningful words, so a random password generator like ours is of great use.

In all the above cases the rate at which an attacker can submit passwords to the system combined with the number of possible passwords determines the likelihood of success. While you don't usually have control over the attempt rate, you do have complete control over the strength of your password so increasing it decreases the odds that you will become a victim of stolen identity.

Tips for creating strong passwords

By using this random password generator you are already on the right track to getting yourself a strong password. Here we offer additional tips that will help.

Password length

Password length is the most important factor for a strong password, which is due to how combinatorics work. Using our permutations calculator you can see that a password with 4 symbols, using only small letters can be one of 456,976 possible permutations. This will take less than a second to guess by brute force (trying every possible combination). Adding just one more symbol, the possible permutations are now 11,881,376 - much, much better, though still not great. Now add 5 more symbols, so your password is now 10 characters long - the possible combinations with just small letters are now the impressive 95,428,956,661,682,176. Even computers take time when they need to perform so many calculations.

strong random password

So, as you can see, the simplest way to improve the security of your account is to add one (or several) more characters to your secret. 16 characters is a good password length, though passwords with lengths between 12 and 16 characters should be sufficient in most cases.

Symbols used

Let's return to our 4-letter password example that had under 500,000 possible variants and let's add capital letters and numbers into the mix, making the total unique symbols 62 (26 x 2 + 10). Now the possible permutations are 14,776,336 which is 32 times better. So, in general, expanding the set of characters you use results in increased password security. It also makes it less likely for dictionary attacks to succeed.

Other tips

If you decide to forgo random password generation and want to come up with the password yourself, avoid character repetition, keyboard patterns, dictionary words, letter of number sequences like "1234" and "bcdef". To prevent guessing the password through social cues and other available information, avoid relative or pet names, romantic partner names, dates of birth, anniversaries, phone numbers, etc. Generally, any information that might be known to colleagues or acquaintances should be avoided, as well as information that might become public in some point in the future.

Strong passwords you can remember?

Some recommend stringing together words from a phrase, like brownthreesarethecoolest and then intermixing them and switching up numbers for some of the letters, e.g. br0wn^threes.are^the.c00lest!. This password is 30 characters long so if it were randomly generated it would be absolutely unassailable, but a clever dictionary attack can vastly reduce the time it takes to break it, so use this approach at your own (unknown) risk.

Password security tips

These are some basic tips that apply to all kinds of passwords, not only random passwords. Random generated or not, if you fail to observe these you increase your security risk significantly.

  • Do not share your passwords with anyone.
  • If possible, remember and do not store your passwords.
  • If you do store them, do so in a place and way that makes them inaccessible to others. E.g. putting them on a sheet of paper near your monitor or in your desk drawer is a security risk.
  • Avoid using the same password in more than one service or device. An attacker gaining access to one of them, might allow them to gain further access with minimal effort.
  • If you use a secure password storage software, check that it is from a reputable vendor and that it was tested for security. Some breaches notoriously happen due to poorly written password storage software (browser plugins, mobile apps, desktop apps, etc.).
  • Do not log in to your accounts from unsecure systems. Other people might be much less tech-savvy and risk-aware than you. Public Wi-Fi can also be a security risk.
  • Do not store critical passwords on the cloud.
  • Be aware of hidden (or obvious!) cameras if entering passwords in locations you do not control. No matter how fast you enter them, if it is on video, it can be slowed down and easily revealed.

As with anything else, security is a compromise - in this case between convenience and risk. Too risk averse and it takes you 10 minutes to log in to your laptop or e-mail. Too lazy and your personal info might end up on the internet for everyone to see and your bank account and credit cards might be emptied by unscrupulous criminals. Generating a strong random password is a good step towards securing our online presence, but it should be a part of an overall approach to securing your assets and identity.

Cite this calculator & page

If you'd like to cite this online calculator resource and information as provided on the page, you can use the following citation:
Georgiev G.Z., "Password Generator", [online] Available at: https://www.gigacalculator.com/calculators/random-password-generator.php URL [Accessed Date: 21 Nov, 2018].