{{Short description|Program that generates password from random number generator}} [[File:Bitwarden Desktop 2024.12.1 password generator screenshot.webp|thumb|upright=1.2|Random password generator in Bitwarden]] A '''random password generator''' is a software program or hardware device that takes input from a random or pseudo-random number generator and automatically generates a password.

Mnemonic hashes, which reversibly convert random strings into more memorable passwords, can substantially improve the ease of memorization. As the hash can be processed by a computer to recover the original 60-bit string, it has at least as much information content as the original string.<ref name="memorize">{{cite book |last1=Ghazvininejad |first1=Marjan |last2=Knight |first2=Kevin |title=Proceedings of the 2015 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies |chapter=How to Memorize a Random 60-Bit String |date=May–June 2015 |volume=Proceedings of the 2015 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies |pages=1569–1575 |doi=10.3115/v1/N15-1180 |chapter-url=https://www.isi.edu/natural-language/mt/memorize-random-60.pdf |location=Denver, Colorado |publisher=Association for Computational Linguistics |s2cid=8028691 }}</ref>

==Password type and strength== {{Main|Password strength}} {{Empty section|date=August 2025}}

==Websites== === Web Cryptography API === The Web Cryptography API is the World Wide Web Consortium’s (W3C) recommendation for a low-level interface that would increase the security of web applications by allowing them to perform cryptographic functions without having to access raw keying material. The Web Crypto API provides a reliable way to generate passwords using the <code>crypto.getRandomValues()</code> method. Here is the simple Javascript code that generate the strong password using web crypto API.<ref>{{Cite web |title=Generate a Secure Random Password Using Web Crypto API and Javascript |url=https://gist.github.com/fearspear/4d757e956b0ff92ad0412691fbfc322f |access-date=2024-01-06 |website=github.com}}</ref><ref>{{Cite web |title=Step-by-step process of creating a robust password using Web Crypto API |url=https://passwordlab.io/blog/step-by-step-process-of-creating-a-robust-password-using-web-crypto-api |access-date=2024-01-06 |website=passwordlab.io}}</ref>

== FIPS 181 standard == Many computer systems already have an application (typically named "apg") to implement the password generator standard FIPS 181.<ref>{{Cite web |title=StrongPasswords – Community Help Wiki |url=https://help.ubuntu.com/community/StrongPasswords |access-date=2016-03-25 |website=help.ubuntu.com}}</ref> FIPS 181—Automated Password Generator—describes a standard process for converting random bits (from a hardware random number generator) into somewhat pronounceable "words" suitable for a passphrase.<ref> NIST. [http://www.itl.nist.gov/fipspubs/fip181.htm Automated Password Generator standard] FIPS 181 </ref> However, in 1994 an attack on the FIPS 181 algorithm was discovered, such that an attacker can expect, on average, to break into 1% of accounts that have passwords based on the algorithm, after searching just 1.6 million passwords. This is due to the non-uniformity in the distribution of passwords generated, which can be addressed by using longer passwords or by modifying the algorithm.<ref>{{cite conference |author1=Shay, Richard |author2=Kelley, Patrick Gage |author3=Komanduri, Saranga |author4=Mazurek, Michelle L. |author5=Ur, Blase |author6=Vidas, Timothy |author7=Bauer, Lujo |author8=Christin, Nicolas |author9=Cranor, Lorrie Faith |year=2012 |title=Correct horse battery staple: Exploring the usability of system-assigned passphrases |url=http://www.andrew.cmu.edu/user/nicolasc/publications/Shay-SOUPS12.pdf |conference=SOUPS '12 Proceedings of the Eighth Symposium on Usable Privacy and Security |doi=10.1145/2335356.2335366}}</ref><ref>{{Cite journal |last1=Ganesan |first1=Ravi |last2=Davies |first2=Chris |year=1994 |title=A New Attack on Random Pronounceable Password Generators |url=http://csrc.nist.gov/publications/history/nissc/1994-17th-NCSC-proceedings-vol-1.pdf |journal=Proceedings of the 17th {NIST}-<nowiki/>{NCSC} National Computer Security Conference |publisher=NIST |pages=184–197 |access-date=2014-12-17}}</ref>

==Mechanical methods== Yet another method is to use physical devices such as dice to generate the randomness. One simple way to do this uses a 6 by 6 table of characters. The first die roll selects a row in the table and the second a column. So, for example, a roll of 2 followed by a roll of 4 would select the letter ''"j"'' from the fractionation table below.<ref>Levine, John R., Ed.: ''Internet Secrets'', Second edition, page 831 ff. John Wiley and Sons.</ref> :{| class="wikitable" ! |''1''||''2''||''3''||''4''||''5''||''6'' |- |''1'' ! a ! b ! c ! d ! e ! f |- |''2'' ! g ! h ! i ! j ! k ! l |- |''3'' ! m ! n ! o ! p ! q ! r |- |''4'' ! s ! t ! u ! v ! w ! x |- |''5'' ! y ! z ! 0 ! 1 ! 2 ! 3 |- |''6'' ! 4 ! 5 ! 6 ! 7 ! 8 ! 9 |}

==See also== * Cryptographically secure pseudorandom number generator * Diceware * Hardware random number generator * Key size * Master Password (algorithm) * Password length parameter * Password manager

==References== {{Reflist}}

==External links== <!-- Please do not add links to specific password generator Web sites and programs here. They will be removed. See WP:SPAM --> * [http://blogs.msdn.com/michael_howard/archive/2005/01/14/353379.aspx Cryptographically Secure Random number on Windows without using CryptoAPI] from MSDN * [https://www.ietf.org/rfc/rfc4086.txt RFC 4086 on Randomness Recommendations for Security] (Replaces earlier RFC 1750.) <!-- Please do not add links to specific password generator websites and programs here. They will be removed. See WP:SPAM -->

<!-- Please do not add links to specific password generator websites and programs here. They will be removed. See WP:SPAM -->

{{DEFAULTSORT:Random Password Generator}} Category:Password authentication Category:Applications of randomness Category:Cryptographic algorithms