WintelGuy.com
Buy Me A Coffee
Patreon

Random Password Generator

This page generates five random passwords at one time. The passwords can be from 7 to 24 characters long with a random distribution of lower-case characters, upper-case characters, digits, and non-alphanumeric characters. If the sum of the minimum numbers of lower-case, upper-case, digits, and non-alphanumeric characters is greater than the initially selected Password length value, then the Password length value will be increased accordingly.

Select password parameters: 

Password length:

Minimum number of: 

lower-case:
upper-case:
digits:
non-alphanumeric:
Password:
_6M!s{!7
P}4Jl7G/
7"jG4,2y
v01>J&V0
0j7U.j2P

Note the difference:
0 - "zero" vs O - "upper-case o"
1 - "one" vs l - "lower-case el"

Password strength should be a key consideration during password creation or selection process. Strong passwords are generally harder for an attacker to guess or crack and hence they provide better protection for the underlying accounts, sites, or services.

Two main characteristics defining password strength are length and complexity. The NIST Digital Identity Guidelines require passwords to be at least 8 characters in length if chosen by users and at least 6 characters in length if chosen randomly. Password complexity is determined by the size of the symbol set used to compose a password. For example, a password consisting of digits, lowercase letters, uppercase letters and special characters will be much stronger in comparison with a password of the same length containing only lowercase letters.

Password strength is measured by the information entropy H (in bits) and can be calculated as: H = L log2N Where
L is the length of the password in symbols;
N is the number of possible symbols that could appear in the password.

Password strength could be improved by increasing L or N or both.

General password selection and usage recommendations are:

  • Passwords should not contain:
    • repetitive or sequential characters,
    • adjacent keyboard key sequences,
    • commonly-used or so called "dictionary" words,
    • context and user specific details.
  • The same password should not be used for multiple sites or services.
  • A password known to be compromised should not be re-used.
  • Use multifactor authentication if available.
  • Consider using a password manager application.

Humans are not generally good at choosing and remembering random sets of characters. A password generator like this one can help with creation of strong random passwords.

An alternative approach is to use passphrases composed of a few (5-6) randomly chosen common words. Passphrases are typically longer then randomly generated passwords but much easier to remember. The comparison between random passwords and passphrases is perfectly summarised by the famous XKCD Password Strength comic strip.

One of the methods for creating passphrases is called Diceware. It uses ordinary 6-sided dice and a numbered list of 7776 unique words that are easy to spell and remember. Each passphrase word is chosen by rolling a die five times to generate a five-digit number and then selecting the word with the matching number from the list.

Diceware is particularly useful for off-line passphrase generation. With the word list printed out and at least one die, passphrases can be generated in a truly "unplugged" way without involvement of any electronic devices.

For off-line random password generation additional tools or programs will be required. For example:

  • Shell scripts utilizing /dev/urandom.
  • PowerShell scripts based on the Get-Random commandlet.
  • Software password generators similar to the one built-in into the KeePass password manager.
KeePass Password Generator

Please note, provided links do not constitute an endorsement of any kind.

See also:
Diceware Passphrase Generator
ROT13 Coder - ROT13 and ROT47 (rotating substitution ciphers) encoder / decoder.
SecLists Password Lists