Password Generator - Strong, Random PasswordsThis random password generator will allow you to generate a random password using letters, numbers and symbols or from a memorable phrase.
I changed all my passwords to "incorrect" so whenever I forget, it will tell me "Your password is incorrect".
A password is a number of symbols that protect your account. Most people have trouble creating a unique password. This random password generator will allow you to generate a random password using letters, numbers and symbols.
Current advice on the usage of secure passwords is to use a password manager. Not only do they produce cryptographically secure passwords (more secure than random strings) they also store the passwords for you in an encrypted format.
There are several other benefits to using a password manager, such as:
- They encourage unique passwords for each account.
- They encourage passwords with sufficient entropy to withstand offline clustered attacks.
- They allow storage of other types of data, such as SSNs or credit card numbers.
- Many provide online synchronization support across devices, either internally or via Dropbox and Google Drive.
- Many ship additional application support, such as browser extensions.
- They ship password generators.
Strong Random Password Generator
With that said, here is our legacy random password generator. It can still be used and the passwords are still secure as they are very difficult to guess.
We do not save the random passwords generated. If you choose to use a password generated here, please be sure to save the password in a safe and accessible location.
Phrase Based Random Password Generator
This random password generator will generate a password using a specified number of common words, which although memorable to you, are much harder to crack.
Random Password Phrase Generator
A pass phrase is a combination of two or more words, together with numbers and symbols. They are easier to remember than totally random passwords, not as complex as phrases yet still difficult to hack. You can also substitute numbers and symbols for the letters. Random word phrases are my preferred method of choice for generating random passwords, a balance between memorability and complexity.
Cracking Bad Password Patterns
If your password looks like any of these example bad passwords, it is instantly crackable by computers running cracking software. Even a mix of two or three of these password patterns, such as a common word followed by a number or symbol will be really easy to crack.
Bad Password Patterns | Memorable | Time To Crack |
---|---|---|
A common word (example: avocado ) | Yes | 18 milliseconds |
An easily-typed spatial word (example: qwerty or asdfgh ) | Yes | 10 milliseconds |
Pet names (example: rusty or wookie ) | Yes | 27 milliseconds |
An important number, such as a date or phone number (example: 05121980 ) | It's memorable to you | 2.213 seconds |
A word with letter/number substitutions (example: p@55w0rd ) | Sort of memorable | 639 milliseconds |
How are Passwords Cracked?
Computers run what's called brute force attacks on a user's password. In this type of attack, an attacker uses what's known as a dictionary, which is a list of words or common passwords, or a password list from previous hacks. Using this dictionary they repeatedly try your username and the next password in the list until it gets in. It typically takes a few seconds to "brute force" over 1,000,000 passwords in this way.
If they don't get in using this first method, then there are some extra things they can do. This includes letter-to-number substitutions. This involves replacing letters with numbers or symbols which look similar. For example, the letter O would be replaced with the number 0, and the letter I replaced with 1. Again, computers can run this very, very quickly.
Next, they will try to combine words and add seperator characters and numbers at the end. They could try passwords like apple.cart.734, apple.cart.735 and so on. Again, this is a trivial matter for computers and they can run millions of calculations a second.
If all else fails then they will resort to a combination lock style hack, where they increment a value each time, so they could try a, b, c, ... z, then move on to aa, ab, ac.... to zz, then aaa, aab, aac, ..., aba, abb, abc. Using this method they will get in eventually, although this is a lot more time-consuming. Most websites will say on an account creation or password change that the password must be between 8 and 12 characters so that immediately cuts down the number of combinations that are needed. Even so, it will still take some time to crack.
THIS INFORMATION IS PROVIDED ON AN "AS IS" BASIS AND ALL RISK IS WITH YOU. THE AUTHOR MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO ANY MATTER WHATSOEVER. IN NO EVENT SHALL THE AUTHOR BE LIABLE TO YOU OR ANY OTHER PARTY FOR ANY INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES.