Password Generator Online Free Tool
Random Password Generator
Generated Password
Password Settings
Excludes: i, l, 1, L, o, 0, O
About Passwords
A password is typically a string of characters that may include letters, numbers, and symbols that can be used to access something, typically an account, and prevent others from accessing it. In today's Internet age, it is likely that most people have experience with having a password for some kind of account. As such, it is important to understand how to construct a strong password (or use a password generator) as well as to understand how to take measures to safeguard the password.
Password Strength
Password strength is a measure of how effective a password is against being guessed or against brute-force attacks. Although it varies, usually, password strength is an estimate of how many trials would be required on average for someone to successfully guess the password. This is affected by the length, complexity, and unpredictability of the password. For example, if a password involves a person's name, birthday, or other personal information that typically would not be very difficult to find out, the password would likely make for a weak password.
Aside from the actual password, proper security controls play a significant role in reducing the risk of a security breach. Security controls include safeguards that are in place to detect, avoid, or minimize security risks. This includes controls such as two-step authentication for your password, or locking the account for a period of time after a given number of failed attempts.
How to Create a Secure Password
Creating a secure password can be achieved by following certain rules that are designed to increase password security. This largely involves constructing a strong password, but includes other aspects such as changing a password periodically, as well as being aware of, and avoiding the use of common passwords (password, 123456, qwerty...). Below are some rules that can be used for creating a strong password:
Best Practices for Strong Passwords:
- ✓Include lower-case letters [a-z] - Adds 26 possible characters
- ✓Include upper-case letters [A-Z] - Adds another 26 characters
- ✓Include numbers [0-9] - Adds 10 possible characters
- ✓Include symbols [!@#$%^&*()...] - Significantly increases complexity
- ✗Exclude personal information - No names, birthdays, addresses
- ✗Exclude common words - Avoid password blacklists
- ✗Exclude company/institution names - Don't use obvious associations
- ✗Exclude common patterns - No dates, phone numbers, license plates
Also, many password policies typically include a minimum password length because generally, the longer a password, and the larger the variety of character types, the more secure the password.
About Ambiguous Characters
The random password generator on this website provides the user with the option to exclude ambiguous characters. This includes characters like the letters "L" and "I" which may be difficult to distinguish on a computer. This is particularly relevant when using a random password generator. An upper-case "i" can be difficult to distinguish from a lower-case "L" or the number 1 in some cases. Confusion arising from ambiguous characters could potentially lock the user out of their own account. Note however, that excluding characters generally lowers the potential strength of a password.
Password Entropy
The password generator also determines the password entropy, measured in bits. The higher the entropy, the more difficult it will be for the password to be guessed. In the context of a brute force search (where every possibility is tested), a password entropy of 100 bits would require 2100 attempts for all possibilities to be exhausted. On average however, about half of these possibilities would need to be exhausted before the correct one is found in a brute force search.
| Entropy (bits) | Strength | Time to Crack (est.) |
|---|---|---|
| < 28 bits | Very Weak | Instant |
| 28-36 bits | Weak | Minutes |
| 36-60 bits | Fair | Days to Months |
| 60-128 bits | Strong | Years to Centuries |
| > 128 bits | Very Strong | Practically Uncrackable |
How to Protect Your Password
Protecting your password is as important as coming up with a strong password. Below are some suggested measures you can take to help protect your password. There are likely other measures a person can take, but the below are just some guidelines that may help:
1. Never Share Your Password
Ideally, the user should be the only person who knows their password. Even if you trust the person that you share your password with, and even if that person has no malicious intent, they may be less careful about safeguarding your password than you would be. The more people who know your password, the more potential for your information to be stolen by someone else.
2. Use Different Passwords for Different Accounts
Although it may be more convenient to use the same password across different websites and accounts, it is not advisable. Having the same password for all your accounts, no matter how strong the password, may mean that a security breach on any single account compromises the safety of all of your accounts. Using a password manager can help you manage your passwords and accounts, and increase safety by allowing you to more easily use different passwords for different accounts.
3. Change Your Passwords Regularly
This is another measure you can take that is also inconvenient, but theoretically, can help with keeping your accounts secure. This helps in cases where someone may know your password, and may access them, but may not immediately try to do something harmful. In these cases, changing your password would limit the period of time over which they have access to your account, assuming that they cannot determine the new password.
4. Be Careful with Public Devices
Never save your passwords to public devices. Ideally, try not to save passwords at all to reduce the risk of people gaining unwanted access to your accounts. In a similar vein, be careful of accessing sensitive accounts on unsecured public networks.
5. Don't Keep Obvious Password Lists
Avoid keeping obvious lists of your passwords that someone may be able to access, physical or electronic. For example, a sticky note on your desk with accounts and their passwords, a word document on your desktop named "passwords" that contains information for all your accounts, or a note on your cellphone could open you up to unnecessary risk of password loss. As mentioned above, consider using a password manager instead. Phones, notebooks, etc., can be lost or stolen. Ideally, a person should use a password manager or be able to remember their passwords for various accounts based on the specific account.
Common Password Mistakes to Avoid
❌Don't Do This
- • Using "password" or "123456"
- • Using your name or birthday
- • Using keyboard patterns (qwerty)
- • Using dictionary words
- • Reusing passwords across sites
- • Sharing passwords via email/text
- • Writing passwords on sticky notes
- • Using short passwords (<8 chars)
✅Do This Instead
- • Use a password generator
- • Make it 12+ characters long
- • Mix letters, numbers, symbols
- • Use unique passwords per site
- • Enable two-factor authentication
- • Use a password manager
- • Change passwords periodically
- • Keep passwords private
Additional Security Tips
Two-Factor Authentication
Enable 2FA on all accounts that support it for an extra layer of security beyond just your password.
Regular Updates
Review and update your passwords every 3-6 months, especially for critical accounts like email and banking.
Secure Storage
Use encrypted password managers like Bitwarden, 1Password, or LastPass to store your passwords safely.