Random Password Generator

We can’t underscore enough the criticality of having strong, secure passwords for your online accounts. It’s your first line of defense against cyberattacks.

On that note, the most secure passwords are completely random. We created this Random Password Generator tool to help you create strong random passwords that meet the security criteria of most websites. Our tool generates passwords with:

  • 12 characters
  • At least one upper case letter
  • At least one lower case letter
  • A minimum of one number
  • A minimum of one special character (e.g. # ? @ !)

FYI: The passwords our tool generates are completely random and are not stored in any way, shape, or form in our servers. Read our Privacy Policy to learn what types of data our website does and does not collect, how we use collected data, and our data-sharing practices.

Why You Need Strong Passwords

Using strong passwords can have a huge positive impact on your digital wellbeing. The most obvious advantage is that cybercriminals cannot easily hack your online accounts.

Strong passwords are necessary not only for your important accounts like email and online banking. You should use strong passwords to lock all your accounts – even ones that seem unimportant – because even those may contain personally identifiable information (PII), which hackers are after. For example, your online shopping profiles may contain personal information like your name and address. Some of them may have your full payment information. With identity theft and online fraud on the rise,1 you need all the security you can get.

Unfortunately, our research on America’s password habits shows that 57-percent still use slightly modified old passwords as their current passwords. That is not secure, as anyone who is in possession of your old password — for example, from a data breach — can guess your new password. We also found that around 20-percent use easy-to-guess password components such as their names, spouse’s names, children’s names, years of birth, and common phrases. Again, that is not secure.

So What Is A Secure Password?

As mentioned, a secure password is often one that is generated randomly. But it doesn’t end there. Your randomly-generated password should be an alphanumeric string with a combination of uppercase and lowercase letters, numbers and special characters. It must also be at least 12 characters long.

FYI: Most online accounts require passwords to be at least eight characters long, and with at least one uppercase and lowercase letter, a number, and a special character. Our password generator meets (and exceeds) this criteria.

Letters, Numbers, and Special Characters

Why do your passwords need to include letters, numbers, and special characters? The short and simple answer is that they make your passwords harder to crack.

Let’s compare password cracking to lockpicking: Let’s say there’s a lock and you have 26 keys to choose from. The 26 keys represent the 26 lowercase letters of the English alphabet. It will take you up to 26 tries to unlock the key. Now let’s add 26 more keys, representing the uppercase letters. That’s up to 52 tries now.

You can keep adding characters to make your password more secure. For example, there are 10 numbers from zero to nine and 33 special characters on most keyboards. If you use all those, you’ll have a grand total of 95 characters to choose from. Would it be easy to open a lock when you have 95 keys to choose from? We don’t think so.

Password Length

Of course, we’re talking about a lock with only one key, and passwords are often at least six characters long. So to make the analogy work, picture a lock that has six keyholes and to unlock it, you need to insert the right keys in the right sequence. You have 95 keys to choose from, and any of the keys may be used twice. Can you guess how many possible combinations that would generate? We created this handy chart to answer that and to show the importance of having a longer password.

How Many Characters? Uppercase and Lowercase Letters Only Numbers and Letters (Uppercase and Lowercase) Special Characters, Numbers, and Letters (Uppercase and Lowercase)
6 19 billion 56 billion 735 billion
7 1 trillion 3 trillion 69 trillion
8 53 trillion 218 trillion 6 quadrillion
9 2 quadrillion 13 quadrillion 630 quadrillion
10 144 quadrillion 839 quadrillion 59 quintillion
11 7 quintillion 52 quintillion 5 sextillion
12 390 quadrillion 3.2 sextillion 540 sextillion

With over 19 billion possible combinations, even a six-character password with only uppercase and lowercase letters would be tough to crack. That is, if we’re talking about manual password cracking wherein someone enters and tries every possible combination manually. However, cybercriminals have gotten tech-savvy, and they now have password cracking algorithms that can crack six-character passwords instantly, according to a report by Hive Systems.2 According to the same report, it would take only 39 minutes to crack an eight-character complex password with letters, numbers, and special characters.

That paints quite a worrisome picture, but the good news is that adding just a few characters to your password makes it exponentially more secure. With 540 sextillion (that’s 540 followed by 21 zeros) combinations, a hacker would need 3,000 years to guess a 12-character password using current technology. That’s why the passwords we generate are at least 12 characters long.

What’s Next: Storing Your Passwords

Unless you have the eidetic memory of Sheldon Cooper from The Big Bang Theory, we don’t expect you to remember a random string of letters, numbers, and special characters. The next step, after creating a strong, randomly-generated password, is to store it in a secure but easy to access password vault.

A password vault, otherwise known as a password manager, is a service that lets you store passwords securely using encryption. To make things convenient, they work with operating systems and browsers so you can easily access your passwords on your devices whenever you need them. To secure the vault, you’ll need to create a “master code,” a password that you’ll need to enter to access your stored passwords. For this one, we recommend something that is easy to remember, but meets our criteria of a strong password.

Tip From Experts: Chrome is not a good place to store passwords. Chrome’s password storage doesn’t have a master code, so anyone who can access your devices can see your stored passwords. Using a password manager such as NordPass or Dashlane is a more secure option.

Now, we won’t get into the topic of which password vault is the best — that’s a discussion for another time — but we’ll give you a glimpse of what to look for in a secure password vault.

  • Storage location: A password vault stored in a cloud server means that you can easily sync your passwords on multiple devices, as long as you’re logged into your password vault on all of those devices.
  • Encryption: A password vault’s security relies on encryption. Look for one that uses 256-bit AES encryption, the current gold standard.
  • Multi-platform support: Some password vaults don’t work with all operating systems, so look for one that works with every device you own.
  • Auto-fill: To make your life easier, choose a password vault that can auto-fill forms on your devices. That will eliminate the need to copy and paste your passwords every time you need to log in.
  • Recovery: Every password vault has a different recovery option should you “lose” your master code. Understand a password manager’s recovery process before signing up.

Tip: Once you’ve created a master code, check it against our Password Security Score Checker to see how secure it is.

Password Security Is A Continuous Effort

With our random password generator and a secure password vault, your passwords are secure… for now. Password security is a continuous effort, and here are a few things to keep in mind.

  • Don’t reuse passwords: When you use our tool, generate a different password for each account. Using the same (or similar) password across multiple accounts just increases the likelihood of all those accounts getting hacked in case of a data breach. It’s like having the same key to your house, car, and office — it’s convenient, but not secure.
  • Update your passwords: Many argue that you don’t need to update passwords regularly, especially if you have strong passwords. In fact, there’s a study that says that mandatory password changes actually lead people to use less secure passwords.3 Our recommendation is to change your password if your credentials have been part of a data breach, if you think someone has gained unauthorized access to your account, or if you think you may have been hit by malware or a phishing attack. However, if you can set aside a couple of hours every six months to update all of your passwords, that would be ideal, too.
  • Use two- or multi-factor authentication: Authentication is widely-used now more than ever, and it’s a good measure to supplement your password security. Whenever offered the choice, choose to activate two- or multi-factor authentication on your accounts. What’s the difference? Two-factor authentication sends a code to your registered phone number before letting you in, while multi-factor authentication uses biometrics such as face ID.
  • Use a virtual private network: We never recommend logging into sensitive accounts, such as online banking accounts, when connected to a public Wi-Fi. That’s because unsecured networks can be used to intercept internet traffic and steal valuable pieces of information such as passwords. However, if you must use a public Wi-Fi, connect to a virtual private network or VPN. A VPN encrypts your internet traffic, so even if it’s intercepted, no one can see your activity or data.

The Security.org team is right behind you in keeping your password security in good shape. We’ll keep this password generator up and running, so come back anytime you need a new password. And if you ever need more help in securing other digital aspects of your life, don’t miss out on our guide to digital security.

Citations
  1. Federal Trade Commission. (2022, Feb 22). New Data Shows FTC Received 2.8 Million Fraud Reports from Consumers in 2021.
    ftc.gov/news-events/news/press-releases/2022/02/new-data-shows-ftc-received-28-million-fraud-reports-consumers-2021-0

  2. Hive Systems. (2023). Are Your Passwords in the Green?
    hivesystems.io/blog/are-your-passwords-in-the-green

  3. Federal Trade Commission. (2016). Time to rethink mandatory password changes.
    ftc.gov/policy/advocacy-research/tech-at-ftc/2016/03/time-rethink-mandatory-password-changes