Password Generator

Generate secure passwords to your taste. A secure password should consist of a minimum of 12 characters, with lowercase, uppercase, numbers and special characters included.

Lowercase
Uppercase
Numbers
Special chars

Generate
{{strength}}%

Click to check whether this password was previously exposed in any data breach.

The password was not exposed in any known data breach. The password has previously appeared in a data breach and should not be used.

A password should be unique

Never use the same password for multiple accounts. If one account is compromised, all other accounts with the same password are in danger, too. Thats why it is critical to use a unique password for each account. The password should also be unique in its composition and not something which might used by someone else, because these kind of passwords can be guessed. Attackers use dictionaries which contain millions of common passwords. Sometimes, when a service is compromised, real passwords find their way into the public. The good guys at haveibeenpwned maintain a database which contains all those passwords. Thats how we check whether a password has already been exposed in a data breach. In our FAQ we explain the technical details.

A password should be random

Manually constructed passwords often contain recurrent patterns, which make it considerably more likely to predict the next password. If one or more such passwords are exposed - for instance through a data breach - other passwords become predictable. Therefore a password should better not be part of a system, but instead be truly random. There are also password cracking tools which use sophisticated techniques to predict passwords using keyword walk generators to emulate millions of keyboard patterns. Obfuscation techniques like shifted characters or replaced letters are also well known and covered by modern cracking tools.

A password should be long

Provided a password is unique and random, the only option left to crack it is brute force. Brute force cracking means that every possible combination of characters is tried as a password. With the hardware available today, a password which consists of 8 characters or less can be cracked within hours on a single computer. But one can safely assume that even if an attacker rents thousands of computers in the cloud, it is not possible to crack a password which consists of 16 or more characters. That is because with every additional character, the amount of possible combinations increases drastically.