How to generate a strong password
The password above is new, generated by your device when you opened this page. Click the Copy button and paste it wherever you need. If you need a new one, click Regenerate. Check the Character Types boxes or use the Password Length slider to change specifications.
The ExpressVPN Password Generator uses your device to estimate the time to crack the password in the box by brute force (a computer churning through random guesses). Please note: A password that is mathematically complex but not random (such as P4s$w0rd987) might be easy to guess by searching for variations on common words or using a list of leaked passwords.
How secure is my password?
For all the talk of massive data breaches dominating the headlines, the rules for generating a secure password are actually not that complicated: Make it long, make it random, and make it unique. A 50-character password of nothing but 1s wouldn’t be random or unique, and neither would the lyrics to “Hotel California,” your kids’ birthdays, or that same password you’ve been reusing with minor tweaks for a decade. In all likelihood, nothing you could think up on your own is truly random; the human brain just doesn’t work that way.
That’s where our Random Password Generator comes in. Use it to create a secure password for every site and service you use. The default settings should generate a password strong enough for most purposes (although adding characters never hurts). Using a password manager can help you keep track of all your complex passwords.
And for those rare situations where you must rely on your memory, such as the password for accessing your password manager itself, we recommend a string of words pulled one by one from a dictionary. Keeping yourself safe in this digital age requires digital solutions—but a dash of the analog can help in a pinch.
Frequently asked questions
How do random password generators work?
Random password generators use a mathematical function to fill an array with random values, then convert those values into a string of characters, including upper and lower case letters, numbers, and symbols.
ExpressVPN’s password generator also lets you select the length of your password and which types of characters are required, and uses a separate function to quickly estimate your new password’s strength.
If you’re interested in how this password generator works at a deeper level, feel free to download it to your device and inspect the code directly.
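The steps described above (fill an array from a cryptographically secure source, map the values to characters, honor the selected length and character types) can be sketched as follows. This is an added example, not ExpressVPN's code; the function names, the symbol set, and the entropy helper are assumptions made for illustration.

```javascript
// Added example; not ExpressVPN's code. Names and the symbol set are assumptions.
// Browsers and current Node expose Web Crypto globally; older Node needs the fallback.
const rng = globalThis.crypto ?? require("node:crypto").webcrypto;

const CLASSES = {
  lower: "abcdefghijklmnopqrstuvwxyz",
  upper: "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
  digits: "0123456789",
  symbols: "!@#$%^&*()-_=+[]{};:,.?",
};

// Uniform integer in [0, n): reject 32-bit draws that fall in the uneven tail,
// because a bare `value % n` makes low indices slightly more likely.
function randomIndex(n) {
  const limit = Math.floor(0x100000000 / n) * n;
  const buf = new Uint32Array(1);
  do {
    rng.getRandomValues(buf);
  } while (buf[0] >= limit);
  return buf[0] % n;
}

function alphabetFor(types) {
  const unknown = types.filter((t) => !Object.hasOwn(CLASSES, t));
  if (types.length === 0 || unknown.length > 0) {
    throw new RangeError("choose at least one known character type");
  }
  return types.map((t) => CLASSES[t]).join("");
}

// Draw a whole candidate and retry if a selected type is missing. Retrying the
// full string keeps every acceptable password equally likely.
function generatePassword(length, types = Object.keys(CLASSES)) {
  const alphabet = alphabetFor(types);
  if (length < types.length) throw new RangeError("length too short for the selected types");
  for (;;) {
    const chars = Array.from({ length }, () => alphabet[randomIndex(alphabet.length)]);
    if (types.every((t) => chars.some((c) => CLASSES[t].includes(c)))) {
      return chars.join("");
    }
  }
}

// Upper bound on entropy in bits: length * log2(alphabet size). Holds only for
// randomly generated passwords, not human-chosen ones.
function entropyBits(length, types = Object.keys(CLASSES)) {
  return length * Math.log2(alphabetFor(types).length);
}
```

Using `Math.random()` in place of `getRandomValues` would produce output that looks the same but comes from a predictable generator, which is the difference the first safety criterion below refers to.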
Are random password generators safe?
A random password generator is safe to use as long as it:
Uses a cryptographically secure method of generating random passwords
Allows you to generate passwords that are long and complex enough to be effective
Generates passwords privately on your device and does not send them across the internet
The ExpressVPN password generator at the top of this page fulfills these requirements, so it’s safe to use.
What makes a strong password?
A password’s strength is defined by how difficult it would be for an attacker to crack or guess. Therefore the strongest passwords are long, random, and unique.
Long passwords are stronger than short passwords because, as length increases, it takes exponentially longer for a modern computer to try every possible combination of characters, a technique called brute-forcing. An 8-character password, for instance, would only take about three hours to crack by brute force. Adding just four characters increases that time to three years.
Random passwords are difficult to guess. A password like “jack and jill went up the hill” may be long, but it is also a known phrase that attackers are likely to try as part of a dictionary attack, and if compromised, would give attackers a clue as to what your other passwords might be. Random passwords are unlikely to appear in any attacker’s dictionary, and give no such clues.
Finally, unique passwords won’t appear in any database of stolen passwords, which password crackers often use as a starting point in their attacks. Unique passwords also protect your other accounts in case one is ever compromised.
Therefore, if your password is long, random, and unique, you can safely call it a strong password.
What makes a weak password?
If strong passwords are long, random, and unique, then weak passwords are short, non-random, or reused. If any of your accounts uses a short, non-random, or reused password, you should change it as soon as possible.
Should I use a random password generator?
Yes, using a random password generator like the one on this page is an excellent way to increase your online security. We recommend using it any time you create a new online account or change a password for an existing one.
The ExpressVPN Guide to Stronger Passwords
Two-factor authentication makes your accounts and services harder to hack by creating a secondary password that is only valid for a short time. We’ll show you why to use it, how to set it up, and which 2FA methods might be right for you.
A truly random password is only useful if you can remember it. We’ll show you some of the leading password managers. And we’ll explain the risks of using your browser’s built-in password-saving feature.