How can I choose a secure password?

We were occasionally asked if there's a safe way to generate secure, random passwords for use on our services or anywhere else. This page does that for you — the random passwords below are all generated entirely on your own computer within your web browser, and are safe to use anywhere.

Why don’t these passwords contain special characters or uppercase letters?

Using long passwords like these is just as secure as using passwords with hard-to-type special characters in them, or that have mixed upper and lowercase. And there’s no reason to make your passwords hard to type when you can just make them longer. This article from ZDNet explains more about this.

How secure are these passwords?

All three of these passwords are secure enough for any use on our systems. The first contains five random elements from a source of over 900 possible word/number combinations, meaning there are about 600 trillion random passwords that might be generated. Even if someone knows you generated a password using this page, it’s extremely unlikely that they could guess it.

The second password shown is 900 times as secure as the first, and the third is 900 times as secure as the second. You can choose the second or third if you’re more concerned about security than about ease of typing.

For even more security, you can substitute one or more of the words in the password for different words that only you know.

How do I know I can trust you?

That’s a wise question! On the one hand, if you’re one of our customers, you’re already trusting us with your encrypted passwords — but we take great pains to make sure that we never know the original password you choose. It’s reasonable to ask how you can check that.

Technically advanced users can examine the source code of this page and the script it uses, and verify that the password is generated entirely on your own computer, and not sent back to us or recorded.

If you’re still nervous, you might want to try a different well-known site that offers random password generation services, like random.org.