Vivlab
Password

Generate a strong

The free Vivlab password generator creates random, secure passwords right in your browser.

Pick the length and the characters: nothing is sent over the web.

Your password

Strength

Strong

How it works

Create a password in 3 steps

1

Set the length

Slide the cursor between 8 and 64 characters: the longer it is, the harder the password is to crack.

2

Choose the characters

Turn on uppercase, lowercase, digits and symbols depending on what the site accepts.

3

Copy the password

A new password appears with every change; copy it in one click or roll again if you need to.

What makes a password strong?

A password's strength doesn't come from one fancy character, but from the number of possible combinations. The longer it is and the more it mixes character types, the harder it gets to guess or crack.

Length comes first

Each extra character multiplies the number of combinations an attacker has to try. Aim for at least 16 characters: that often beats adding a symbol to a password that's too short.

Variety & entropy

Mixing uppercase, lowercase, numbers and symbols raises the entropy, meaning how unpredictable the password is. The higher the entropy, the lower the odds that a brute-force attack will succeed.

One unique password per service

If a site gets hacked and you reuse the same password elsewhere, all of your accounts are suddenly at risk. A different password for each service keeps the damage to a single account.

Generated locally

Your password is created right in your browser, using a secure random generator. It's never sent to or stored on a server.

Even better: two-factor authentication

With two-factor authentication (MFA), a stolen password isn't enough on its own. A second proof is asked for at login: a code from an authenticator app, or a confirmation on your phone. Turn it on as soon as a service offers it.

The best option: passkeys

A passkey replaces the password entirely with a cryptographic key tied to your device, unlocked by your fingerprint or your face. Nothing to memorize, nothing to type, and phishing stops working since there's no secret to steal.

Tip: since you can't memorize a unique, complex password for every service, use a password manager. It stores them encrypted and fills them in for you: all you have to remember is one master password.

Have your credentials already leaked?

A well-chosen password no longer protects you if the site holding it was hacked. Have I Been Pwned tracks known data breaches. Enter your email address to see whether it shows up in a leak, then change the affected passwords.

Check on Have I Been Pwned

Frequently asked questions

Choosing a password well

How long should it be?

Aim for at least 12 characters, and 16 or more for a sensitive account like email or banking. Each extra character multiplies the number of possible combinations, so lengthening the password protects far more than adding a single symbol.

Is the draw really random?

Yes. The tool relies on crypto.getRandomValues, your browser's random generator built for cryptography, rather than an ordinary chance function. Each character is drawn independently from the set you ticked.

Is my password sent anywhere?

No, it is made locally in your browser and sent to no server. Nothing is stored: refresh the page and it's gone, which lets you copy it straight into your password manager.

Can I reuse the same password?

Better not. If one site is breached, a reused password opens the door to all your other accounts. Generate a different one per service and hand them to a password manager rather than your memory.

Why are symbols off by default?

Some sites still reject special characters or limit which ones they accept. Leaving them optional avoids a nasty surprise at submit time; tick them as soon as the service allows it, since they add strength.