Free Password Generator 2026

Q: How often should I change my passwords?

Only if you think it's been stolen. The change every 90 days rule is old advice. It made people pick weak passwords. Change it if a site gets hacked.

Paul Reynolds

Generate My Password

Email
preynolds@ydc.is

Bad passwords let hackers in. This tool makes strong ones. It follows the rules from the UK National Cyber Security Centre.

Click Generate to create your password

Password strength will show here

Length: 16

Lowercase (a-z)

Uppercase (A-Z)

Numbers (0-9)

Symbols (!@#$%)

80%

of data breaches involve weak or stolen passwords

Too many people use "123456" or "password". Hackers try these first. See my most common passwords list for more.

Long Beats Complex

Old rules said use symbols and capitals. That's outdated now.

The latest US guidelines say: make it long. A 16-letter password takes years to crack. An 8-letter one? Minutes.

Tip: Use 14-16 letters for email and banking. This tool starts at 16 for a reason.

How to Use This Tool

Pick your password length (14 or more is best)
Pick which letters and symbols to use
Click Generate
Copy it and save it somewhere safe
Never use the same password twice

This tool runs in your browser. Nothing goes to a server. Your passwords stay private.

Good Password Rules for 2026

The rules changed. Here's what matters now:

Make it long - 16 letters beats "P@ssw0rd!"
Use it once - One hack shouldn't open all your accounts
Skip personal stuff - No birthdays, pet names, or teams
Use a password app - You can't remember 100 passwords
Add a second step - A code on your phone stops most attacks

Good passwords help you pass Cyber Essentials. It's one of five key tests.

The Three Words Trick

The UK cyber team says: pick three random words. Join them. Like "sunset-coffee-river".

Add a number if you want: "sunset3coffee#river". Good for passwords you type a lot.

For the rest, use this tool and a password app.

Passkeys Are Coming

Passkeys will replace passwords. Google, Apple and Microsoft are pushing them.

You use your fingerprint or face. No password to steal. If a site offers them, use them.

But passwords aren't going away yet. Make them strong.

Common Mistakes

I see the same problems at many businesses:

Using the company name in passwords
Sharing passwords with the team
Writing them on sticky notes
Same password for work and home
Not changing default passwords

Sound familiar? You're not alone. These are easy to fix. See my guide on user access control.

Frequently Asked Questions

At least 12 letters. For email or banking, use 14-16. Short passwords get cracked in minutes. Long ones take years.

Not really. Length matters more. A 16-letter password beats an 8-letter one with symbols. Mix them if you want. It won't hurt.

Yes. It runs in your browser. Nothing goes to a server. No one sees your passwords but you.

Only if you think it's been stolen. The "change every 90 days" rule is old advice. It made people pick weak passwords. Change it if a site gets hacked. Or if you shared it with someone.

Yes. You can't remember 100 strong passwords. Apps store them safely. They fill them in for you. The UK cyber team says to use them. Bitwarden and 1Password are good ones.

It adds a second step when you log in. A code on your phone. Use it on every site that offers it. It stops most hackers. From April 2026, it's a must for Cyber Essentials.

They replace passwords. You log in with your fingerprint or face. Nothing to type. Nothing to steal. Use them if a site offers them. Google, Amazon and Microsoft all have them.

Need Help With Security?

Passwords are just one part of it. I help UK businesses get protected.

Get in Touch