passwordgeneratortool.co.uk

Free UK password generator and online password creator — strong random, NCSC three-random-words, Cyber Essentials compliant, kid-safe, or any specific length.

By Mat at INLine Computers · Aligned with NCSC guidance · 100% in your browser

Which password tool do you need?

Strong random password

Quick, all-purpose. 12–64 chars, full character set. The default tool below.

Use generator below ↓

Cyber Essentials ✓

UK CE v3.3 (April 2026) compliant. 12+ chars enforced, breach blocklist, bulk export.

Open CE tool →

Three random words (NCSC)

The UK NCSC's recommended method. Memorable, hard to crack.

Open 3-word →

By length (8/10/12/14/16+)

Pick a specific length when a system requires it. Each length has its own use case.

Pick a length →

Kids & schools 🐼

Curated kid-safe wordlists, three difficulty levels, bulk class export for teachers.

Open Kids →

Easy / memorable

Friendly word + number combinations for low-stakes accounts.

Open easy →

Password ideas & formulas 💡

Three patterns for memorable-but-strong passwords, plus the ideas that don't work.

See ideas ↓

Strong Random Password Generator

Generate a strong random password instantly. All generation happens in your browser using crypto.getRandomValues() — nothing is sent to any server.

Generated password(s):

    16
    Cyber Essentials minimum: 12 characters with MFA, or 14 without.

    A generator makes one strong password — a password manager remembers a unique one for every account.

    The NCSC explicitly recommends using a password manager. Disclosure: the links below are affiliate links — we may earn a small commission at no extra cost to you.

    Try NordPass Try Bitwarden (free tier)

    Why "three random words" is now the UK standard

    For years, password advice was about complexity: mix uppercase, lowercase, numbers, symbols. The UK National Cyber Security Centre (NCSC) changed that.

    Their advice: combine three random words, like RiverPianoLamp. The result is long enough to resist brute-force attacks and easy enough for a human to remember without writing it down.

    The reason this works isn't magic — it's length. A three-word passphrase is typically 16–24 characters, far longer than a typical "complex" password, and length matters more than character variety once you pass a basic threshold.

    Quick rules

    • Three unrelated words — not "one two three" or "red blue green"
    • Nothing personal — no pet names, birthdays, or favourite teams
    • Use a different one for every important account (or use a password manager)
    • Pair with multi-factor authentication wherever possible
    Generate three random words →

    Working towards UK Cyber Essentials?

    From 27 April 2026, the updated Cyber Essentials v3.3 requirements (Danzell question set) tightened password rules: a minimum of 12 characters for user accounts where multi-factor authentication is enforced, or 14 characters where it is not. Common breached passwords must also be blocked.

    Use the random generator above with a length of 12 or higher, or use the three-words approach. Either approach satisfies the length requirement — pair it with MFA on every cloud service.

    Setting up passwords for kids or a school class?

    The Kids Password Generator uses a curated, child-safe wordlist with three difficulty levels. Teachers can use bulk mode to generate a full class (up to 35 pupils) and export to CSV ready for Active Directory, Microsoft 365, or your MIS.

    For broader guidance on talking to children about passwords, see the parent & teacher guide.

    Password ideas & formulas that actually work

    If you don't want to rely on a generator every time, three simple patterns produce memorable passwords that still score well against modern cracking tools. All three are stronger than the usual "capital letter + word + number + !" that most people reach for.

    💡 Idea 1 — Three random words

    The NCSC's official recommendation. Pick three words that have no connection to each other, string them together, capitalise the first letter of each.

    Formula: WordWordWord

    Example: RiverPianoLamp (16 chars)

    Try the 3-word generator →

    💡 Idea 2 — Sentence mnemonic

    Think of a sentence only you would use, then take the first letter of each word plus any numbers that appear naturally.

    Formula: First letters + natural numbers

    Example: "My first dog Rex was born in 2009 in Leeds"MfdRwbi2009iL

    Memorable because the story is personal; strong because it doesn't match any dictionary.

    💡 Idea 3 — Word + site prefix

    Pick one strong memorable phrase, then prepend a short hint for each site. Not as strong as true unique passwords, but better than reuse.

    Formula: SiteHint + core phrase

    Example: Core phrase Piano-River-Lamp-42. For Amazon: Az-Piano-River-Lamp-42. For Gmail: Gm-Piano-River-Lamp-42.

    Caution: if the pattern is guessable, so are all your passwords. Only use as a bridge to a real password manager.

    Password ideas that don't work

    • Your favourite [pet / team / colour]. Findable on your social media. Also the first thing attackers try.
    • Password1!, Summer2026!, Welcome123. All in the top 1,000 most-breached passwords. The exclamation mark doesn't help — attackers know.
    • P@ssw0rd style leetspeak substitutions. Cracking tools have known about the @-for-a and 0-for-o swaps for 25 years.
    • Any real word followed by a year. One of the most common patterns in password breach data.
    • Keyboard walks like qwerty, asdfgh, 1qaz2wsx. All in every cracking dictionary.

    The single biggest improvement you can make isn't picking a cleverer formula — it's making sure every account has a different password. Use a password manager (NordPass or Bitwarden — see the panels above) and let it remember everything for you.

    Frequently Asked Questions

    The UK National Cyber Security Centre recommends combining three random words to create a password that is long enough to be hard to crack but easy enough to remember. Our 3-Word Generator follows this method directly.

    No. All passwords are generated in your browser using JavaScript. Nothing you type or generate ever leaves your device, and nothing is logged.

    For most personal accounts, the NCSC's three random words approach gives a typical length of 16–24 characters which is strong. For UK Cyber Essentials compliance, user accounts now require a minimum of 12 characters where multi-factor authentication is also enforced, or 14 characters where it is not.

    Yes — completely free, with no sign-up. The site is supported by Google ads and a small affiliate commission if you sign up to a recommended password manager via our links. The tools themselves are unaffected.

    Yes. A generator helps you create one good password at a time, but a password manager remembers a unique strong password for every account so you don't have to. The NCSC explicitly recommends using one.

    PasswordGeneratorTool.co.uk is built and maintained by Mat at INLine Computers, a UK-based IT professional and indie developer. It's part of a small portfolio of free online tools.

    Bonus: Dummy Data Maker — Usernames & Emails

    Useful for developers and testers — generate fake usernames and email addresses for test accounts.

    Generated Dummy Data: