Skip to main content
Back to Numbers generators

Numbers

Custom Rule Password Generator

A custom rule password generator lets you define exact character requirements before generating — so every output complies with your target system on the first try. Toggle uppercase letters, digits, and symbols on or off, set the length (default 16), and choose how many passwords to produce in one batch. This is useful for developers seeding test databases with valid credentials, IT admins provisioning accounts at scale, and anyone dealing with a financial portal or corporate policy that enforces specific character rules. Instead of trial-and-error with a site's error messages, you set the constraints upfront and get a clean list of compliant passwords instantly.

Read the complete guide — 4 min read

How to use

  1. Choose your options above
  2. Click Generate
  3. Copy your result

Detailed instructions

  1. Set the Password Length field to match the minimum or target length required by your site or policy.
  2. Adjust How Many to the number of unique passwords you need — useful for batch account setups.
  3. Toggle Include Uppercase, Include Numbers, and Include Symbols to match the character rules of your target system.
  4. Click Generate to produce a list of compliant passwords built from your exact rule set.
  5. Copy any password from the output list and paste it directly into your target site or store it in a password manager.

Use Cases

  • Provisioning 10 temporary staff accounts that must meet Active Directory complexity requirements
  • Generating test credentials for a Jest or Cypress auth flow with strict password validation
  • Creating banking or financial portal passwords with symbols disabled to avoid encoding errors
  • Producing a batch of 20-character passwords to bulk-import into a Bitwarden or 1Password vault
  • Building lowercase-only codes for case-insensitive legacy systems prone to symbol-encoding bugs

Tips

  • If a site rejects symbols, disable them first rather than trying individual passwords — most rejections are blanket symbol bans.
  • For bulk user imports, generate exactly the count you need and export the list to avoid mixing batches with different rule sets.
  • Longer passwords compensate for fewer character types — a 20-character lowercase-only password is stronger than a 10-character mixed one.
  • When testing password validation logic, generate one batch with all types enabled and one with each type disabled individually to cover edge cases.
  • Avoid reusing any generated password across accounts — the value of this tool is producing a unique credential each time, so use that advantage.
  • For temporary credentials, increase length to 20+ so that even if a user shares the password informally, it's harder to memorize and misuse.

FAQ

how do I generate a password with no special characters

Set Include Symbols to No before clicking Generate. If you also need to strip out numbers — for a letters-only output — disable Include Numbers as well. The generator uses only the character types you leave enabled, so the result will pass any system that blocks special characters.

what password length is actually secure in 2024

NIST SP 800-63B recommends at least 15 characters for memorized secrets. For credentials stored in a password manager, 20+ characters with all three character types enabled offers strong brute-force resistance. The default of 16 here is a solid general-purpose starting point.

are passwords generated in the browser safe to use

Yes — generation happens entirely client-side, so nothing is sent to a server or logged, and the tool now draws from the Web Crypto API (crypto.getRandomValues) with unbiased sampling rather than Math.random, so the passwords have genuine cryptographic randomness. The trade-off of client-side generation is that you cannot regenerate the same password twice, so save it in a password manager as soon as you create it.

Should I use a different password for every account?

Yes — reusing a password means one breached site exposes every account that shares it, which is how most account takeovers happen. Use a unique, long password per service and store them in a password manager. The generator makes producing a fresh, strong password per account effortless, so there is no reason to fall back on reuse; generate one, save it, and never have to remember it.

Are generated passwords better than ones I make up?

Almost always — human-chosen passwords follow predictable patterns (names, dates, keyboard runs, common substitutions) that cracking tools exploit, while a randomly generated string of sufficient length has far more genuine entropy. The generator produces unpredictable passwords from a cryptographically secure source, so the result is much harder to guess or brute-force than anything memorable enough to invent yourself.

You might also like

Popular tools from other categories that share themes with this one.

Try these next

More free tools from other corners of the catalog, picked by shared themes.