password generator

Need a password? Try this Strong

Password Generator.

Generate secure, random passwords to stay safe online

---

---

A secure way to remember passwords.

---

What makes a password strong?

The Strong Password Generator

Top password tips from the pros

You should be aware of the following to keep your passwords safe from social engineering, brute force, or dictionary attacks, and to keep your online accounts protected:

1. Use different passwords, security questions, and answers for each accounts.
2. Use at least 16 characters in your password, including at least one number, one capital letter, one lowercase letter, and one special symbol.
3. Don’t use passwords that include the names of your family, friends, or pets.
4. Do not use your passwords to store postcodes, house numbers, phone numbers, birthdates, ID card numbers, social security numbers, or other personal information.
5. Don’t use any terms from the dictionary in your passwords. Strong passwords include ePYHcdS*)8$+V-‘, qzRtC6rXN3NRgL, and zbfUMZPE6’FC percent)sZ. qwert12345, Gbt3fC79ZmMEFUFJ, 1234567890, 987654321, nortonpassword are all examples of poor passwords.

6. Do not use two or more passwords that are identical in most of their characters, such as ilovefreshflowersMac and ilovefreshflowersDropBox, since if one of these passwords is taken, all of them are stolen.
7. Don’t use stuff like your fingerprints as a password because they may be duplicated (but not changed).
8. Do not keep your passwords in your web browsers (Firefox, Chrome, Safari, Opera, Internet Explorer, Microsoft Edge), as any passwords saved in web browsers can be readily guessed.
9. Don’t log into sensitive accounts on other people’s computers, or when using a public Wi-Fi hotspot, Tor, a free VPN, or a web proxy.

10. Do not communicate sensitive information over the internet using unencrypted connections (e.g. HTTP or FTP), as messages on these connections can be sniffed with little effort. When feasible, employ encrypted connections such as HTTPS, SFTP, FTPS, SMTPS, and IPSec.
11. You may encrypt your Internet connections before they leave your laptop, tablet, phone, or router when traveling. For example, you may connect to a private VPN on your own server (home PC, dedicated server, or VPS) using protocols like WireGuard (or IKEv2, OpenVPN, SSTP, L2TP over IPSec). You may also build up an encrypted SSH tunnel between your PC and your own server and utilize socks proxy in Chrome or FireFox.
12. Is my password safe to use? Perhaps you feel your passwords are really secure and tough to guess. However, if a hacker steals your username and your password’s MD5 hash value from a company’s server, and the hacker’s rainbow table has this MD5 hash, your password will be broken rapidly. You may use an MD5 hash generator to convert your passwords to MD5 hashes, then submit these hashes to an online MD5 decryption service to assess their strength and see if they’re in the popular rainbow tables. If your password is “0123456789A,” for example, a computer may take over a year to break it using the brute-force approach.

13. Changing your passwords every 10 weeks is advised.
14. It’s advised that you remember a few master passwords and keep other passwords in a plain text file that you encrypt with 7-Zip, GPG, or a disk encryption program like BitLocker, or use a password management software to manage your passwords.
15. Encrypt and backup your passwords in many locations so that you can easily recover them if you lose access to your computer or account.
16. Whenever feasible, enable two-factor authentication.
17. Avoid storing sensitive passwords on the cloud.
18. Access key websites (e.g. Paypal) straight from bookmarks; otherwise, double-check the domain name; it’s also a good idea to use the Alexa toolbar to assess a website’s popularity.

19. Use firewall and antivirus software to protect your computer, and use the firewall to prevent all incoming and outgoing connections. Only download software from reliable websites, and validate the installation package’s MD5 / SHA1 / SHA256 checksum or GPG signature wherever feasible.
20. Install the latest security update to keep your operating systems (e.g. Windows 7, Windows 10, Mac OS X, iOS, Linux) and Web browsers (e.g. FireFox, Chrome, IE, Microsoft Edge) on your devices (e.g. Windows PC, Mac PC, iPhone, iPad, Android tablet) up to date.
21. If you have sensitive data on your computer that others can access, check for hardware keyloggers (e.g. wireless keyboard sniffer), software keyloggers, and hidden cameras when you think it’s required.

22. If you have WIFI routers in your home, it’s feasible to figure out what passwords you typed (at your neighbor’s house) by detecting your finger and hand motions, because the WIFI signal they receive changes as you move your fingers and hands. In such instances, you can input your passwords using an on-screen keyboard; however, it would be more safe if this virtual keyboard(or soft keyboard) changed layouts every time.
23. When you leave your computer or phone, be sure it is locked.
24. Before placing crucial files on the hard drive, encrypt it with VeraCrypt, FileVault, LUKS, or similar programs, and physically destroy the hard drive of your previous devices if required.

26. Use at least three different email addresses: the first one to receive emails from important sites and apps like Paypal and Amazon, the second one to receive emails from unimportant sites and apps, and the third one (from a different email provider like Outlook or GMail) to receive your password-reset email if the first one (e.g. Yahoo Mail) is hacked.
27. Use at least two different phone numbers; do not reveal the phone number you use to receive verification code text messages to anyone.
28. Unless you know these communications are not fraudulent, do not open the link in an email or SMS message, and do not change your passwords by clicking it.
29. Keep your passwords to yourself.
30. It’s conceivable that one of the software or apps you downloaded or updated has been tampered with by hackers; you may avoid this by not installing this software or app for the first time, unless it’s been released to remedy security flaws. Instead, you may utilize Web-based programs, which are safer and more portable.

31. When utilizing online paste and screen capture programs, be cautious about allowing them to save your credentials to the cloud.
32. If you’re a webmaster, instead of storing the plain text passwords, security questions, and answers in the database, keep the salted (SHA1, SHA256, or SHA512)hash values of these strings. It’s a good idea to provide each user their own random salt string. Furthermore, it’s a good idea to log the user’s device information (e.g. OS version, screen resolution, etc.) and save the salted hash values of them, so that when he or she tries to login with the correct password but his or her device information does not match the previously saved one, the user can verify his or her identity.

33. If you’re a software developer, you should publish an update package that’s signed with a private key and verified with the public key you previously released using GnuPG.
34. To keep your online company safe, you should register your own domain name and set up an email account with it. This way, you won’t lose your email account and all of your contacts, and your email account won’t be disabled by your email provider because you may host your mail server anywhere.
35. If an online purchasing site only accepts credit cards as payment, you should instead utilize a virtual credit card.

36. When you leave your computer, close your online browser; otherwise, cookies may be readily intercepted using a simple USB device, allowing you to avoid two-step verification and enter into your account using stolen cookies from other machines.
37. If you don’t trust and delete faulty SSL certificates from your browser, you won’t be able to guarantee the secrecy and integrity of HTTPS connections that utilize these certificates.
38. Encrypt the whole system partition; otherwise, disable the pagefile and hibernation features, as the pagefile.sys and hiberfil.sys files may contain vital documents.

39. You may use intrusion detection and prevention software like LFD (Login Failure Daemon) or Fail2Ban to prevent brute force login attacks on your dedicated servers, VPS servers, or cloud servers.
40. If at all feasible, utilize cloud-based software rather than installing it on your local device, because supply-chain assaults are on the rise, with malicious applications or updates being installed on your device to steal your credentials and obtain access to top-secret data.
41. It’s a good idea to produce MD5 or SHA1 checksums for all files on your computer (using software like MD5Summer) and store the results, then compare them every day to check the integrity of your files (and discover trojan files or applications with backdoors implanted).

42. Every major organization should create and use an intrusion detection system based on artificial intelligence ( including network behavior anomaly detection tools ).
43. Only allow whitelisted IP addresses to connect to or log into critical servers and workstations.