Generate a strong
The free Vivlab password generator creates random, secure passwords right in your browser.
Pick the length and the characters: nothing is sent over the web.
Your password
Strength
Strong
What makes a password strong?
A password's strength doesn't come from one fancy character, but from the number of possible combinations. The longer it is and the more it mixes character types, the harder it gets to guess or crack.
Length comes first
Each extra character multiplies the number of combinations an attacker has to try. Aim for at least 16 characters: that often beats adding a symbol to a password that's too short.
Variety & entropy
Mixing uppercase, lowercase, numbers and symbols raises the entropy, meaning how unpredictable the password is. The higher the entropy, the lower the odds that a brute-force attack will succeed.
One unique password per service
If a site gets hacked and you reuse the same password elsewhere, all of your accounts are suddenly at risk. A different password for each service keeps the damage to a single account.
Generated locally
Your password is created right in your browser, using a secure random generator. It's never sent to or stored on a server.
Even better: two-factor authentication
With two-factor authentication (MFA), a stolen password isn't enough on its own. A second proof is asked for at login: a code from an authenticator app, or a confirmation on your phone. Turn it on as soon as a service offers it.
The best option: passkeys
A passkey replaces the password entirely with a cryptographic key tied to your device, unlocked by your fingerprint or your face. Nothing to memorize, nothing to type, and phishing stops working since there's no secret to steal.
Tip: since you can't memorize a unique, complex password for every service, use a password manager. It stores them encrypted and fills them in for you: all you have to remember is one master password.
Have your credentials already leaked?
A well-chosen password no longer protects you if the site holding it was hacked. Have I Been Pwned tracks known data breaches. Enter your email address to see whether it shows up in a leak, then change the affected passwords.