The best password generators make it easy to create secure passwords that are hard to guess or crack, for personal or business use.
Online hacking is becoming increasingly sophisticated, leading to frequent password and login information theft. This can become extremely inconvenient, and it can even lead to the loss of money or sensitive personal information if your passwords fall into the wrong hands.
Unfortunately, most stolen passwords are relatively simple and easy to crack. Things like names, birthdays, hobbies, and favorite pets aren’t good password material, and using them is just asking for trouble.
That’s where password generators become useful. In this guide, we’ve analyzed five of the best password generators available today. Among other things, we’ve looked at the pros and cons, ease of use, and security features of numerous programs to bring you this list, so you can rest assured that it’s comprehensive and accurate.
Note that many of the programs listed below offer some sort of password manager alongside their password generators. There is also a mixed selection of free and paid options.
Here, then, are the best password generators currently available.
- We've also featured the best business password management software.
Dashlane is another powerful password management program offering a secure online and in-app password generator. It includes the standard password creation tools, allowing you to specify the length and character types for your new login.
You can create passwords from four to 40 characters long using the Dashlane generator. Specify whether you want it to include numbers, letters, symbols, or a combination of the three, and gauge the strength of your password through the interface’s background color—red for weak, orange for medium, and green for strong.
Those who need to manage and store numerous login details may also benefit from the Dashlane password manager.
- Read our full Dashlane review.
LastPass offers a powerful, secure password generator that’s 100% free and backed by a range of additional features. It’s available both online through the LastPass website and within the LastPass app. With it, you can specify exactly what sort of password you want to create.
For starters, you will be asked to specify the length of your password, which can be anything from one to 50 characters long. You can choose from passwords that are easy to say (without numbers or special characters), easy to read (without confusable characters like 1 & l), and standard (all characters). You can also specify which combination of uppercase and lowercase letters, numbers, and/or symbols you want to use. Once a password has been generated, a neat color-coded bar indicates its strength.
Alongside its password generator, LastPass also offers one of the best password managers on the market. New passwords can be imported directly to the manager, which comes with a range of advanced features.
- Read our full LastPass review.
With the NordPass password generator, you can quickly create new passwords both online and within the NordPass password management app. It supports the generation of passwords up to 60 characters long.
You can also select between uppercase and lowercase letters, digits, symbols, or a combination of the four. On top of this, NordPass includes a checkbox that allows you to avoid ambiguous characters like 1 and I that could be confused.
The in-app generator is just as powerful and comes with the added benefit of being able to save your password immediately. In addition, the base version of the NordPass password manager is 100% free.
- Read our full Nordpass review.
KeePass is a free, open-source password management program with a built-in password generator. It is a little difficult to set up, but it’s extremely powerful and supports a selection of predefined password compositions.
You can create standard random passwords based on standard length and composition criteria. But, KeePass also enables the generation of passwords following specific rules. For example, if your password has to include upper and lowercase letters, numbers, and one special character, you can specify this with the click of a button.
- Read our full KeePass review.
With the Strong Password Generator, the name says it all. This simple yet secure online program is designed to create unbreakable passwords at the click of a button. All new passwords are created locally on your computer, which means they aren’t ever stored online or on the program’s servers.
On top of this, the Strong Password Generator allows you to specify the length and composition of your new login. In theory, you can create passwords that are as long as you want. During our testing, we were able to easily generate a random string up to a million characters long in a matter of seconds—not that you would ever need one of this length.
In addition, you can specify what type of characters you want your password to include. Choices include alpha upper (A–Z), alpha lower (a–z), numbers (0-9), and symbols. Each new password comes with a unique QR code so you can transfer it to a phone or tablet as required.
- Also see our featured best password recovery solutions.
Password Cracking vs Password Recovery. What's the Difference?
Denis Gladysh, co-owner and head of Passcovery, a supplier of high-speed GPU-accelerated software solutions for recovering passwords of popular file formats
To date when breaking secure passwords, one uses password guessing attacks. It is as if you were actually entering all trial passwords one by one until you find the one that fits to open the file. Only in this case a program does it for you at a rate of tens-hundreds-thousands-millions-billions of passwords per second. Such a guessing technique is referred to as brute-force attack.
How long you'll have to wait depends on two factors: the number of words to test and the speed of brute-force attack. The longer the charset that may include the right password is, the more trial passwords there will be. As the password length is increased, the number of trial passwords will grow exponentially, for example:
number_of_passwords = charset_length^password_length
So, in order to guess a password of only 1 lowercase Latin letter 26^1=26 trial passwords will be generated. For a 2-character password - 26^2=676. 3-character password – 26^3=17576, etc.
Cracking a 1-character password of uppercase and lowercase Latin letters will require testing of 26*2=52^1=52 passwords, and in order to crack a 3-character password 52^3=140608 passwords will be generated and tested, etc.
Our programs give perfect visualization of these calculations when you configure a brute force attack. As you change input parameters, the program estimates in real time the number of generated passwords and approximate time to completion. Now that we have covered passwords settings and the range of trial passwords, it is time to crack the password. How long will it take?
Bad news. It's going to take a while. A pretty long time actually. Remember I said that data security vendors use their own methods to deal with password hacking attacks? For example, they slow down the rate of password checking.
More often than not, the delay will go unnoticed (or it may leave a positive impression: "it is taking so much time - the security level must be really high!") when you enter one correct password, but it does slow down the speed of searching during a brute force attack.
When you enter a password, a special algorithm called hashing algorithm converts the password into an encryption key, and passes the key on to the data encryption algorithm. A little too simple. And too fast. Inadequately fast. (the guys behind protection algorithms in Adobe Acrobat 9 should know what it's all about :)
That is why the hashing algorithm does not immediately release the encryption key. First, it hashes the key itself. Then hashes it again. And again. And again. And it goes on and on ... hundreds, thousands and even tens of thousands times. This trick is called key stretching; it is an easy way to make brute force search more time consuming by requiring repeated hashing.
One moment delay when checking one password turns into years of waiting when checking billions of passwords. For example, with the release of iOS 10.2 by Apple has ruled out the possibility of cracking iOS backup passwords by using 10,000,000 (ten million!) hashing iterations. Hence, the rate of brute-force search has almost dropped to zero, and GPU acceleration has become useless.
In this context, it becomes next to impossible to crack a random someone else's password that is completely unknown to the attacker. Especially when there is no high-performance hardware. Although it should be noted that there is always room for foolishly easy passwords that might be found in a dictionary.
Recovering your own password is a different story. You sure have been in a situation when you promised to do something and clean forgot about it. Or some may have experienced amnesia which returned their brain to a sort of a tabula rasa state. When it comes to forgetting passwords it is never the case.
The password or its structure or the words of the passphrase will still be revolving in your head. The correct password will be looming somewhere within reach. It will be flickering in the dark and feebly hovering over among similar ones. Just like those glittering winged keys in the underground chambers of Hogwarts School. Just reach out and grab the right one!
And that is the essence of password recovery and how it’s different from hacking: you don't need to try all the keys in the world. Just cut off the irrelevant and thus reduce the range to only the likely ones. This way you can quickly check them all and find recover the password.