Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
A user friendly, strong password generator PHP function.
// Generates a strong password of N length containing at least one lower case letter,
// one uppercase letter, one digit, and one special character. The remaining characters
// in the password are chosen at random from those four sets.
// The available characters in each set are user friendly - there are no ambiguous
// characters such as i, l, 1, o, 0, etc. This, coupled with the $add_dashes option,
// makes it much easier for users to manually type or speak their passwords.
// Note: the $add_dashes option will increase the length of the password by
// floor(sqrt(N)) characters.
function generateStrongPassword($length = 9, $add_dashes = false, $available_sets = 'luds')
$sets = array();
if(strpos($available_sets, 'l') !== false)
$sets[] = 'abcdefghjkmnpqrstuvwxyz';
if(strpos($available_sets, 'u') !== false)
if(strpos($available_sets, 'd') !== false)
$sets[] = '23456789';
if(strpos($available_sets, 's') !== false)
$sets[] = '!@#$%&*?';
$all = '';
$password = '';
foreach($sets as $set)
$password .= $set[array_rand(str_split($set))];
$all .= $set;
$all = str_split($all);
for($i = 0; $i < $length - count($sets); $i++)
$password .= $all[array_rand($all)];
$password = str_shuffle($password);
return $password;
$dash_len = floor(sqrt($length));
$dash_str = '';
while(strlen($password) > $dash_len)
$dash_str .= substr($password, 0, $dash_len) . '-';
$password = substr($password, $dash_len);
$dash_str .= $password;
return $dash_str;
Copy link

ghost commented Nov 20, 2014


Copy link

InforMedic commented Mar 26, 2015

thx a lot!!

Copy link

ghost commented Mar 31, 2015

Great Code

Copy link

Shifrin commented May 3, 2015

Copy link

marklockhart commented Jun 18, 2015

Good work, thanks for the function

Copy link

kildeby commented Jun 30, 2015

I can't seem to make it display the password? How do I use it?

  • nevermind, I found out. Just sharing -> add:

@Shifrin: Your solution does not require a BIG LETTER, a small letter, a number (0-9) and a special character, which makes your password very much stronger.

Copy link

paragonie-scott commented Oct 21, 2015

Head's up: This gist is not secure. Neither array_rand() nor str_shuffle() are cryptographically secure.

Recommended reading: How to generate secure passwords in PHP.

Copy link

jasonglisson commented Jun 27, 2016

This is great! I needed the ability to force the use of certain characters to make the password. hanks! Good work!

Copy link

ghost commented Aug 12, 2016


Copy link

Xwalk-Company commented Sep 9, 2016


Copy link

spurgeonbj commented Sep 14, 2016

God bless you!

Copy link

hsali commented Oct 23, 2016

a good script.

Copy link

0ngsh commented Nov 8, 2016

Thanks,Very Useful

Copy link

sarment0 commented Nov 25, 2016

Good work!

Copy link

AlkarE commented Jun 9, 2017

Thanks a lot!

Copy link

caionorder commented Jun 30, 2017


Copy link

offixer commented Aug 17, 2017

Copy link

marufnajm commented Sep 21, 2017

A very good script. Thank you so much.

Copy link

ghost commented Nov 6, 2017

thank you 👍

Copy link

NikitaShkaruba commented Nov 20, 2017

Thank you dude! here)

Copy link

pishgahi commented Dec 16, 2017

thank you

Copy link

fabbro79 commented Dec 28, 2017


Copy link

compermisos commented Jan 2, 2018

make a forked version of this script, whit some improvments in crypt functions

Copy link

zoulema commented Feb 14, 2018


Copy link

ghost commented May 11, 2018

See my implementation works with all chars languages.

Copy link

DonPramis commented Aug 10, 2018

Here is easy no need to create password. 14 million password. Enjoy

Copy link

DonPramis commented Aug 26, 2018

I generate mine like this... but i need to include few symbols on this project

Copy link

Cocoking77 commented May 6, 2020

Thks a lot

Copy link

fmic64 commented Jun 10, 2020

Great! many many thanks!!!

Copy link

madurapa commented Jul 28, 2020


Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment