PHP Random Password Generator


  • This script allows you to create your own list of passwords based off a specific set of parameters. You can either use my copy of the script (listed below under "See it in use") to generate passwords, or you can download a copy of the PHP script and make your own modifications.
  • I constantly found myself needing to create new passwords, either for myself or clients. I HATE passwords that I can't tell what the characters are by just looking at it. I also got tired of clients contacting me because they can't figure out if their password contained a 1, l, I or o, O, 0 when they read the old password they taped to the bottom of their keyboard (yes, we know you do that).

Terms of Use

  • All versions of this script, description, and documentation have been released under GNU General Public License. Basically this means you are free to use the script, modify it, and even redistribute versions of your own under the same license.


What's new

  • 1.0.0 [2011-04-29] First public release.


Everything should be fairly self explanatory. However, here is a breakdown of the different checkboxes

  • Hide confusing characters: This options allows you to hide any characters that might be confused with other similar looking characters. The current script disables:
    UPPER: I (eye), O (oh)
    lower: i (eye), l (el), o (oh)
    digit: 0 (zero), 1 (one)
  • Allow uppercase characters: Allows the password that is created to have random upper-case characters. ABCDEFGHJKLMNPQRSTUVWXYZ + IO
  • Allow lowercase characters: Allows the password that is created to have random lower-case characters. abcdefghjkmnpqrstuvwxyz + iol
  • Allow digits: Allows the password that is created to have random digits/numbers. 23456789 + 01
  • Allow special characters: Allows any of the "symbol" characters that are typeable on a standard keyboard to be part of the password. The "Hide confusing characters" does not affect anything in this set. ~!@#$%^&*()_+[]\;',./~{}|:\"<>?
  • Require at least one character of each chosen type: This option forces at least one character of each type (upper, lower, digits, and/or special) you checked to be part of the password. This means if you checked an option like "Allow Digits" that at least one digit is in the password that is created.
  • Password length: How many characters long you want the password to be. By default the script requires between 4-20 characters.
  • How many passwords: How many random passwords you want to create/print. By default the script will generate between 1-99 passwords.


Credits and a link to your website for anyone who posts a comment that includes suggestions (or code) that improves on the efficiency of the script. The requirements are that the script has to maintain the same level of functionality and it has to maintain (or improve) code readability.

I know for a fact that some of the stuff in there is done the ugly way. Since it works for what I need, if I wait on efficiency changes on a personal project it will sit there forever and probably never get released.

And yes I realize PHP's RNG is not true random, but the script is good enough for what I need. You are welcome to modify your own version with your own white-noise seed if you want.

See it in use

Hide confusing characters
Allow uppercase characters
Allow lowercase characters
Allow digits
Allow special characters
Require at least one character of each chosen type
Password length (characters)
How many passwords


It does not check for duplicates. However, you should be fine as the probability that the same password would come up twice is almost non-existant.

While what you say about PHP's rand() function is accurate (and already pointed out in my documentation above), even if you knew exactly what options I chose when generating my password there is no real-world way to calculate what the password was.

The vulnerability with pseudorandom occurs when you either know the timestamp seed from when each random character was chosen or when enough of the "random" data is known to calculate the unknown parts. Neither of which apply here.