Random Password Generator
A secure password is your first line of defense against unwarranted access to your online accounts, digital files, and personal information. And often, the most secure password is one that is random. We created this random password generator tool to help you create strong random passwords that meet the criteria of most websites. Our tool generates passwords with:
- 12 characters
- At least one upper case letter
- At least one lower case letter
- A minimum of one number
- A minimum of one special character (e.g. # ? @ !)
Why You Need Strong Passwords
Using only strong passwords can have a huge positive impact on your digital wellbeing. The most obvious advantage is that cybercriminals cannot easily hack your online accounts. It prevents them from taking over important accounts, such as emails, or getting personal and payment information from online shopping accounts such as Amazon. With identity theft and online fraud on the rise,1 that’s a benefit you wouldn’t want to miss out on.
Unfortunately, our research on America’s password habits shows that 57-percent still use slightly modified old passwords as their current passwords. That is not secure, as anyone who is in possession of your old password — for example, from a data breach — can guess your new password. We also found that around 20-percent use easy-to-guess password components such as their names, spouse’s names, children’s names, years of birth, and common phrases. Again, that is not secure.
So What Is A Secure Password?
As mentioned, a secure password is often one that is generated randomly. But it doesn’t end there. Your randomly-generated password should be an alphanumeric string with a combination of uppercase and lowercase letters, numbers and special characters. It must also be at least 12 characters long.
FYI: Most online accounts require passwords to be at least eight characters long, and with at least one uppercase and lowercase letter, a number, and a special character. Our password generator meets (and exceeds) this criteria.
Letters, Numbers, and Special Characters
Why do your passwords need to include letters, numbers, and special characters? The short and simple answer is that they make your passwords harder to crack. Think of it like this: It takes less than a minute to open a lock if you have 26 keys to choose from and only one of them works. The 26 keys represent the 26 lowercase letters of the English alphabet. Now, double that, adding the uppercase letters, and you’ve just made the lock twice as hard to open. Lastly, add 10 more keys corresponding to the numbers zero through nine, and 33 more to represent the special characters on your keyboard. With 95 keys to choose from, you’ve got yourself a lock that would take a while to open.
Of course, we’re talking about a lock with only one key, and passwords are often at least six characters long. So to make the analogy work, picture a lock that has six keyholes and to unlock it, you need to insert the right keys in the right sequence. You have 95 keys to choose from, and any of the keys may be used twice. Can you guess how many possible combinations that would generate? We created this handy chart to answer that and to show the importance of having a longer password.
|How Many Characters?||Uppercase and Lowercase Letters Only||Numbers and Letters (Uppercase and Lowercase)||Special Characters, Numbers, and Letters (Uppercase and Lowercase)|
|6||19 billion||56 billion||735 billion|
|7||1 trillion||3 trillion||69 trillion|
|8||53 trillion||218 trillion||6 quadrillion|
|9||2 quadrillion||13 quadrillion||630 quadrillion|
|10||144 quadrillion||839 quadrillion||59 quintillion|
|11||7 quintillion||52 quintillion||5 sextillion|
|12||390 quadrillion||3.2 sextillion||540 sextillion|
With over 19 billion possible combinations, even a six-character password with only uppercase and lowercase letters would be tough to crack. That is, if we’re talking about manual password cracking wherein someone enters and tries every possible combination manually. However, cybercriminals have gotten tech-savvy, and they now have password cracking algorithms that can crack six-character passwords instantly, according to a report by Hive Systems.2 According to the same report, it would take only 39 minutes to crack an eight-character complex password with letters, numbers, and special characters.
That paints quite a worrisome picture, but the good news is that adding just a few characters to your password makes it exponentially more secure. With 540 sextillion (that’s 540 followed by 21 zeros) combinations, a hacker would need 3,000 years to guess a 12-character password using current technology. That’s why the passwords we generate are at least 12 characters long.
What’s Next: Storing Your Passwords
Unless you have the eidetic memory of Sheldon Cooper from The Big Bang Theory, we don’t expect you to remember a random string of letters, numbers, and special characters. The next step, after creating a strong, randomly-generated password, is to store it in a secure but easy to access password vault.
A password vault, otherwise known as password manager, is a service that lets you store passwords securely using encryption. To make things convenient, they work with operating systems and browsers so you can easily access your passwords on your devices whenever you need them. To secure the vault, you’ll need to create a “master code,” a password that you’ll need to enter to access your stored passwords. For this one, we recommend something that is easy to remember, but meets our criteria of a strong password.
Tip From Experts: Chrome is not a good place to store passwords. Chrome’s password storage doesn’t have a master code, so anyone who can access your devices can see your stored passwords.
Now, we won’t get into the topic of which password vault is the best — that’s a discussion for another time — but we’ll give you a glimpse of what to look for in a secure password vault.
- Storage location: A password vault stored in a cloud server means that you can easily sync your passwords on multiple devices, as long as you’re logged into your password vault on all of those devices.
- Encryption: A password vault’s security relies on encryption. Look for one that uses 256-bit AES encryption, the current gold standard.
- Multi-platform support: Some password vaults don’t work with all operating systems, so look for one that works with every device you own.
- Auto-fill: To make your life easier, choose a password vault that can auto-fill forms on your devices. That will eliminate the need to copy and paste your passwords every time you need to log in.
- Recovery: Every password vault has a different recovery option should you “lose” your master code. Understand a password manager’s recovery process before signing up.
Password Security Is A Continuous Effort
With our random password generator and a secure password vault, your passwords are secure… for now. Password security is a continuous effort, and here are a few things to keep in mind.
- Don’t reuse passwords: When you use our tool, generate a different password for each account. Using the same (or similar) password across multiple accounts just increases the likelihood of all those accounts getting hacked in case of a data breach. It’s like having the same key to your house, car, and office — it’s convenient, but not secure.
- Update your passwords: Many argue that you don’t need to update passwords regularly, especially if you have strong passwords. In fact, there’s a study that says that mandatory password changes actually lead people to use less secure passwords.3 Our recommendation is to change your password if your credentials have been part of a data breach, if you think someone has gained unauthorized access to your account, or if you think you may have been hit by malware or a phishing attack. However, if you can set aside a couple of hours every six months to update all of your passwords, that would be ideal, too.
- Use two- or multi-factor authentication: Authentication is widely-used now more than ever, and it’s a good measure to supplement your password security. Whenever offered the choice, choose to activate two- or multi-factor authentication on your accounts. What’s the difference? Two-factor authentication sends a code to your registered phone number before letting you in, while multi-factor authentication uses biometrics such as face ID.
- Use a virtual private network: We never recommend logging into sensitive accounts, such as online banking accounts, when connected to a public Wi-Fi. That’s because unsecured networks can be used to intercept internet traffic and steal valuable pieces of information such as passwords. However, if you must use a public Wi-Fi, connect to a virtual private network or VPN. A VPN encrypts your internet traffic, so even if it’s intercepted, no one can see your activity or data.
The Security.org team is right behind you in keeping your password security in good shape. We’ll keep this password generator up and running, so come back anytime you need a new password. And if you ever need more help in securing other digital aspects of your life, don’t miss out on our 2023 guide to digital security.
Federal Trade Commission. (2022, Feb 22). New Data Shows FTC Received 2.8 Million Fraud Reports from Consumers in 2021.
Hive Systems. (2023). Are Your Passwords in the Green?
Federal Trade Commission. (2016). Time to rethink mandatory password changes.