Create a gist now

Instantly share code, notes, and snippets.

A user friendly, strong password generator PHP function.
// Generates a strong password of N length containing at least one lower case letter,
// one uppercase letter, one digit, and one special character. The remaining characters
// in the password are chosen at random from those four sets.
// The available characters in each set are user friendly - there are no ambiguous
// characters such as i, l, 1, o, 0, etc. This, coupled with the $add_dashes option,
// makes it much easier for users to manually type or speak their passwords.
// Note: the $add_dashes option will increase the length of the password by
// floor(sqrt(N)) characters.
function generateStrongPassword($length = 9, $add_dashes = false, $available_sets = 'luds')
$sets = array();
if(strpos($available_sets, 'l') !== false)
$sets[] = 'abcdefghjkmnpqrstuvwxyz';
if(strpos($available_sets, 'u') !== false)
if(strpos($available_sets, 'd') !== false)
$sets[] = '23456789';
if(strpos($available_sets, 's') !== false)
$sets[] = '!@#$%&*?';
$all = '';
$password = '';
foreach($sets as $set)
$password .= $set[array_rand(str_split($set))];
$all .= $set;
$all = str_split($all);
for($i = 0; $i < $length - count($sets); $i++)
$password .= $all[array_rand($all)];
$password = str_shuffle($password);
return $password;
$dash_len = floor(sqrt($length));
$dash_str = '';
while(strlen($password) > $dash_len)
$dash_str .= substr($password, 0, $dash_len) . '-';
$password = substr($password, $dash_len);
$dash_str .= $password;
return $dash_str;

It would be more "user friendly" if it generated passwords from a list of words. :-)


Excellent - thank you!


Thank you.


Thanks :)


Great. Thanks!




thx a lot!!


Great Code


Good work, thanks for the function


I can't seem to make it display the password? How do I use it?

  • nevermind, I found out. Just sharing -> add:

$password = generateStrongPassword(9);
echo "Suggestion for password: " . $password;

@Shifrin: Your solution does not require a BIG LETTER, a small letter, a number (0-9) and a special character, which makes your password very much stronger.


Head's up: This gist is not secure. Neither array_rand() nor str_shuffle() are cryptographically secure.

Recommended reading: How to generate secure passwords in PHP.


This is great! I needed the ability to force the use of certain characters to make the password. hanks! Good work!




God bless you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment