Random Password Generator
This tool can generate secure, strong, random passwords. To ensure security, the password is generated completely on the webpage without being sent across the internet.
A password is typically a string of characters that may include letters, numbers, and symbols, used to access something, typically an account, and to prevent others from accessing it. In today's Internet age, most people have likely had a password for some kind of account. As such, it is important to understand how to construct a strong password (or use a password generator) as well as how to take measures to safeguard the password.
Password strength is a measure of how effective a password is against being guessed or against brute-force attacks. Although it varies, password strength is usually an estimate of how many trials would be required on average for someone to successfully guess the password. This is affected by the length, complexity, and unpredictability of the password. For example, a password that involves a person's name, birthday, or other personal information that typically would not be very difficult to find out would likely be a weak password.
Aside from the actual password, proper security controls play a significant role in reducing the risk of a security breach. Security controls include safeguards that are in place to detect, avoid, or minimize security risks. This includes controls such as two-step authentication for your password, or locking the account for a period of time after a given number of failed attempts.
How to create a secure password
Creating a secure password can be achieved by following certain rules that are designed to increase password security. This largely involves constructing a strong password, but includes other aspects such as changing a password periodically, as well as being aware of, and avoiding the use of common passwords (password, 123456, qwert...). Below are some rules that can be used for creating a strong password:
- Include lower-case letter(s) [a-z]
- Include upper-case letter(s) [A-Z]
- Include numbers [0-9]
- Include symbols [!@#$%^&*()...]
- Exclude words involving the user's personal information
- Exclude words found in a password blacklist – there are password blacklists that can be found on the Internet, or it is possible that a company / other institution may have their own password blacklists
- Exclude company / institution name, as well as abbreviations of the name
- Exclude passwords that match common formats such as calendar dates, license plate numbers, phone numbers, or other common number formats
Also, many password policies typically include a minimum password length because generally, the longer a password, and the larger the variety of character types, the more secure the password.
The random password generator on this website provides the user with the option to exclude ambiguous characters. This includes characters like the letters "L" and "I" which may be difficult to distinguish on a computer. This is particularly relevant when using a random password generator. An upper-case "i" can be difficult to distinguish from a lower-case "L" or the number 1 in some cases. Confusion arising from ambiguous characters could potentially lock the user out of their own account. Note however, that excluding characters generally lowers the potential strength of a password.
The password generator also determines the password entropy, measured in bits. The higher the entropy, the more difficult it will be for the password to be guessed. In the context of a brute force search (where every possibility is tested), a password entropy of 100 bits would require 2^100 attempts for all possibilities to be exhausted. On average however, about half of these possibilities would need to be exhausted before the correct one is found in a brute force search.
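A sketch of the two features described above, exclusion of ambiguous characters and the entropy estimate, as an added example that is not the code this website runs. The ambiguous set (l, I, 1, O, 0), the ten-symbol set and all function names are assumptions made for illustration.

```javascript
// Added example. Web Crypto is global in browsers and recent Node; older Node
// exposes it through require('node:crypto').webcrypto.
const rng = globalThis.crypto ?? require('node:crypto').webcrypto;

const SETS = {
  lower: 'abcdefghijklmnopqrstuvwxyz',
  upper: 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
  digits: '0123456789',
  symbols: '!@#$%^&*()', // the symbols the rules list spells out
};
// Assumed ambiguous set: the page names only "L", "I" and the number 1.
const AMBIGUOUS = new Set('lI1O0');

// Character pool for the chosen classes, minus ambiguous ones if requested.
function buildPool(classes, excludeAmbiguous) {
  const chars = classes.map((c) => SETS[c]).join('');
  return [...chars].filter((ch) => !(excludeAmbiguous && AMBIGUOUS.has(ch)));
}

// Uniform integer in [0, n) by rejection sampling: values at or above the
// largest multiple of n are discarded, which removes the modulo bias that
// `value % n` alone would introduce.
function randomIndex(n) {
  const limit = Math.floor(0x100000000 / n) * n;
  const buf = new Uint32Array(1);
  do {
    rng.getRandomValues(buf);
  } while (buf[0] >= limit);
  return buf[0] % n;
}

function generatePassword(length, classes, excludeAmbiguous = false) {
  const pool = buildPool(classes, excludeAmbiguous);
  if (pool.length < 2 || length < 1) throw new RangeError('pool or length too small');
  let out = '';
  for (let i = 0; i < length; i++) out += pool[randomIndex(pool.length)];
  return out;
}

// Entropy in bits of a uniformly random password: length * log2(pool size).
// Excluding characters shrinks the pool, so the same length yields fewer bits.
function entropyBits(length, poolSize) {
  return length * Math.log2(poolSize);
}
```

With all four classes the pool has 72 characters, or 67 with the ambiguous ones removed, so a 16-character password drops from about 98.7 to about 97.1 bits.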
How to protect your password
Protecting your password is as important as coming up with a strong password. Below are some suggested measures you can take to help protect your password. There are likely other measures a person can take, but the below are just some guidelines that may help:
- Don't share your password with other people – Ideally, the user should be the only person who knows their password. For example, even if you trust the person that you share your password with, and even if that person has no malicious intent, they may be less careful about safeguarding your password than you would be. The more people who know your password, the more potential for your information to be stolen by someone else.
- Don't use the same password across different websites and accounts – Although it may be more convenient to use the same password across different websites and accounts, it is not advisable. Having the same password for all your accounts, no matter how strong the password, may mean that a security breach on any single account compromises the safety of all of your accounts. Using a password manager can help you manage your passwords and accounts, and increase the safety by allowing you to more easily use different passwords for different accounts. There are a number of different password managers that you can explore to find one that best suits your needs.
- Change your passwords regularly – This is another measure you can take that is also inconvenient, but theoretically, can help with keeping your accounts secure. This helps in cases where someone may know your password and may access your account, but may not immediately try to do something harmful. In these cases, changing your password would limit the period of time over which they have access to your account, assuming that they cannot determine the new password. In cases where you have saved your password on an old device you may have sold or thrown away, changing your password would prevent a person from using the saved password.
- Never save your passwords to public devices – Ideally, try not to save passwords at all to reduce the risk of people gaining unwanted access to your accounts. In a similar vein, be careful of accessing sensitive accounts on unsecured public networks.
- Don't keep obvious lists of your passwords, physical or electronic, that someone may be able to access – For example, a sticky note on your desk with accounts and their passwords, a Word document on your desktop named "passwords" that contains information for all your accounts, or a note on your cellphone could open you up to unnecessary risk of password loss. As mentioned above, consider using a password manager instead. Phones, notebooks, etc., can be lost or stolen. Ideally, a person should use a password manager or be able to remember their passwords for various accounts based on the specific account.