Free · Fast · Privacy-first

Generate a Strong Wi-Fi Password

Wi-Fi passwords sit in an unusual position in your security stack because they have to be strong enough to resist offline cracking attacks while also being practical to type on the worst input methods in your home, including TV remote controls, game console on-screen keyboards, and visiting friends' phones.

Balances security and typability

🔒

Avoids ambiguous characters (0, O, 1, l, I) optional

WPA2/WPA3 compatible length

No sign-up required

Cost
Free forever
Sign-up
Not required
Processing
In your browser
Privacy
Files stay local
FreeNo signupWhite-label

Add this Password Generator to your website

Drop the Password Generator into any page — blog post, product docs, intranet, school portal — with a single line of HTML. Your visitors get the full tool, processed entirely in their browser. No backend, no uploads, no signup.

  • Files stay 100% in the visitor's browser
  • Responsive — adapts to any container width
  • Free forever, no API key needed

Embed code

<iframe
  src="https://www.fixtools.io/utilities/password-generator?embed=1"
  width="100%"
  height="780"
  frameborder="0"
  style="border:0;border-radius:16px;max-width:900px;"
  title="Password Generator by FixTools"
  loading="lazy"
  allow="clipboard-write"
></iframe>

Attribution-friendly: a small "Powered by FixTools" link appears in the embed footer.

Securing Your Home or Office Wi-Fi with the Right Password Strategy

A Wi-Fi password is the only thing standing between the wireless interface on your router and anyone within radio range of your building. A weak password gives a determined attacker the ability to associate with your network, intercept and modify traffic from any device on it, route malicious activity through your IP address, and in many home configurations pivot directly into network-attached storage drives, printers, security cameras, and smart-home hubs. The WPA2 protocol, which remains the most widely deployed Wi-Fi security standard, has a structural weakness against offline password attacks. An attacker within range can passively capture the four-way handshake that happens when any device joins your network, then walk away and crack the captured handshake at their leisure using specialised hardware. A password short enough to be cracked in this scenario offers essentially no protection, because the attacker never has to interact with your network during the cracking phase.

The good news is that the cracking-speed problem has a simple defensive answer, which is to make the password long enough that even the fastest current and projected hardware would take longer than is interesting to exhaust the search space. WPA2 and WPA3 accept passphrases from eight to sixty-three characters, and offline attacks on a captured WPA2 handshake run at billions of guesses per second on a well-equipped GPU rig. At that speed, an eight-character password falls within minutes and a twelve-character password falls within days. A twenty-character password drawn from the 62-character alphanumeric alphabet has about 119 bits of entropy, which puts it comfortably beyond the reach of any plausible offline attack regardless of how the hardware improves over the next decade. Twenty characters is the practical recommendation for any home or office Wi-Fi network you care about.

Typability matters more for Wi-Fi than for most other passwords because the credential gets entered on devices with bad input methods. Smart TVs, game consoles, streaming sticks, and IoT devices often present an on-screen keyboard that you navigate with arrow keys, which makes symbols and mixed case painful to enter. The best compromise is to use only letters and digits, push the length up to compensate for the missing alphabet, and turn on the option to exclude visually ambiguous characters so the password is easy to read aloud or type from a printed sheet. The resulting credential is just as secure as a shorter symbol-heavy alternative and far less likely to produce typos that lock a device out of the network.

Most modern routers also support a guest network feature, which lets you publish a separate SSID with its own simpler password that visitors can connect to without seeing the credential for your main network. The guest network is typically isolated from your internal devices, so even if a visitor is malicious or their device is compromised, they cannot reach your printers, NAS, or smart-home equipment. Keeping the main network locked down with a long random alphanumeric password and routing all casual access through the guest network is the cleanest setup for a household that has occasional visitors, contractors, or short-term rentals.

How to use this tool

💡

Generate a 20-character Wi-Fi password using letters and numbers. Enable the "avoid ambiguous characters" option for easier manual entry on new devices.

How It Works

Step-by-step guide to generate a strong wi-fi password:

  1. 1

    Set length to 20+ characters

    Move the length slider to at least twenty characters. WPA2 and WPA3 networks benefit disproportionately from length because the offline-attack threat model means cracking speed is bounded only by hardware rather than by any rate limit, so each additional character meaningfully extends the cracking time required.

  2. 2

    Choose letters and numbers

    Restrict the character set to lowercase letters, uppercase letters, and digits. The alphanumeric alphabet is large enough to give you strong security at twenty characters while staying typable on TV remote controls, game console on-screen keyboards, and the rest of the awkward input devices that show up on a home network.

  3. 3

    Enable avoid ambiguous characters

    Toggle the option that excludes visually similar characters such as the digit zero next to the letter O and the digit one next to the lowercase L and uppercase I. The exclusion costs you almost nothing in entropy at twenty characters and prevents a significant fraction of the transcription errors that happen when someone reads a password aloud or types it from a printed card.

  4. 4

    Copy and apply in your router settings

    Copy the generated value, log into your router's admin interface, navigate to the wireless security settings, and paste the password into the WPA2 or WPA3 passphrase field. Save the router configuration, save the new password in your password manager, and update each of your existing devices with the new credential as they reconnect.

Real-world examples

Common situations where this approach makes a real difference:

Home router setup

A homeowner replacing an old router pulls up FixTools during the initial setup wizard, generates a twenty-two character alphanumeric password with ambiguous characters excluded, and pastes it into the new router's wireless configuration page. They print the password on a small card that lives in a kitchen drawer for visitors who need to type it manually, and save the same value in their password manager so they can read it back on any device they own.

Office Wi-Fi renewal

An IT manager on the office's quarterly rotation schedule generates a new main-network password at twenty-four characters and a separate guest-network password at sixteen characters. The main password goes into the company password manager with role-based access for the few people who need to provision devices, while the guest password is printed on the reception desk card so visitors and contractors can connect without ever seeing the main credential.

Airbnb guest network

A short-term rental host configures a dedicated guest network on the property router, generates a sixteen-character alphanumeric password that is easy for guests to type on phones and laptops, and produces a printable Wi-Fi QR code so most guests can connect by scanning rather than typing. The host rotates the password between guest stays so a previous guest cannot reconnect after they have left the property.

When to use this guide

Use this when setting up a new router, changing your Wi-Fi password, or creating a separate guest network password.

Pro tips

Get better results with these expert suggestions:

1

Pair your Wi-Fi password with a printable QR code

After you set a new Wi-Fi password, use the FixTools QR Code Generator to produce a Wi-Fi-format QR code that encodes the SSID and credential together. Print the code and place it somewhere visible in the relevant room. Guests scan the code with their phone camera and connect automatically without ever seeing or typing the underlying password, which lets you keep the credential long and complex without sacrificing convenience.

2

Store the Wi-Fi password in your router admin backup

When you change your Wi-Fi password, update the corresponding entry in your password manager and also include the new value in your router configuration backup. If you ever factory-reset the router, you will need the password from your records to reprovision every device on the network, and a router that has been reset will not still know its own previous Wi-Fi credential.

3

Use WPA3 if your router supports it

WPA3 introduces Simultaneous Authentication of Equals, which replaces the WPA2 four-way handshake with a protocol that does not leak any password-cracking material to a passive eavesdropper. If your router and all your devices support WPA3, enable it. Combined with a twenty-character password the resulting network is extremely difficult to compromise even by an attacker physically close to the building with access to top-end cracking hardware.

4

Change your password after a tenant or regular visitor leaves

There is no built-in way to revoke individual device access to a Wi-Fi network without changing the password and forcing everyone to reconnect. After a tenant moves out, a regular cleaner stops working for you, or a contractor finishes a long project, generate a new password, update it on the router, and reconnect your own devices. The brief inconvenience is the price of removing access from someone who no longer should have it.

5

Use 20+ characters for Wi-Fi passwords

WPA2 and WPA3 support passwords up to 63 characters. A 20+ character password makes offline dictionary attacks computationally infeasible even with dedicated Wi-Fi cracking hardware.

6

Avoid symbols if you share the password often

Symbols like ! and @ are hard to type on TV remotes and game console on-screen keyboards. A long password using only letters and numbers is both secure and far easier to type on devices with poor input methods.

7

Create a separate guest network with its own password

Keep your main Wi-Fi password complex and private. Create a separate guest network with a simpler, shareable password that you can change regularly without affecting your own devices.

FAQ

Frequently asked questions

WPA2 and WPA3 both support passphrases from eight to sixty-three characters. There is no practical security reason to use anything shorter than twenty characters, and the extra length costs you nothing because the credential lives in your password manager and your devices remember it after the first connection. Going up to thirty characters or beyond is fine if you want extra margin, although the marginal security benefit at that point is small.
Generally no. Symbols are painful to type on TV remote controls, game console on-screen keyboards, and many IoT setup interfaces, and a longer alphanumeric password reaches the same security level without the typability cost. If you are confident that every device on your network can handle symbols easily, you can include them and slightly shorten the length, but the cleaner choice is to go alphanumeric and aim for twenty or more characters.
Change it when there is a reason. A tenant leaving, a cleaner whose access you want to revoke, a contractor finishing a project, or a suspicion that the password leaked all justify rotation. Calendar-driven rotation without a triggering event tends to push people toward minor variations of the previous password and disrupts every device on the network for no real security gain, so it is generally not worth the friction in a home setting.
Only if they capture your WPA2 handshake and your password is short enough to be cracked offline with the hardware they have. A twenty-character alphanumeric password is computationally infeasible to crack with any current or projected consumer or professional hardware, so the realistic answer is no. If you are using WPA3, the offline-attack vector is closed entirely regardless of password length, because the protocol no longer leaks the cracking-friendly handshake.
They are two completely separate credentials. The Wi-Fi password authenticates devices that want to join your wireless network, while the router admin password authenticates anyone trying to log into the router's management interface to change its settings. Both should be strong, unique, and stored in your password manager. Forgetting to change the default router admin password from the manufacturer's factory value is a common and serious mistake because the default is publicly documented for every router model.
Generate a Wi-Fi format QR code that encodes the SSID, security type, and password together, either using the FixTools QR Code Generator or your router's built-in QR feature if it has one. Guests scan the code with their phone camera and connect automatically. The underlying password stays long and complex while the experience of connecting becomes a single scan rather than careful manual typing on each new device.
No. The password is only used during the initial authentication handshake when a device joins the network. Once a device is associated, traffic is encrypted with session keys that are negotiated during the handshake and that have nothing to do with the length or complexity of the underlying passphrase. A twenty-character password and a ten-character password produce identical throughput once each device is connected.
Retrieve it from your password manager if you saved it there. If not, log into your router's admin interface, where the password is typically visible in plain text in the wireless settings section. If you have lost access to both the manager entry and the router admin interface, your only remaining option is to factory-reset the router and configure a new password, after which every existing device on the network has to be reconnected manually using the new credential.
Not necessarily. A guest network is usually isolated from your main network, so the worst-case impact of guest password compromise is limited to bandwidth theft and someone routing traffic through your IP address. A sixteen-character alphanumeric guest password is strong enough for almost any threat model, and shorter is easier to share verbally or print on a reception card without errors. Rotate the guest password more frequently than the main password if visitors come and go.
For personal SSID and passphrase configurations, including WPA2-Personal and WPA3-Personal, the generated values plug straight into the router or access point configuration. Enterprise Wi-Fi using WPA2-Enterprise or WPA3-Enterprise typically authenticates with per-user credentials against a RADIUS server rather than a shared passphrase, in which case you would generate per-user passwords with the same tool and provision them through your identity management system rather than as a single network-wide credential.

Ready to get started?

Open the full Password Generator — free, no account needed, works on any device.

Open Password Generator →

Free · No account needed · Works on any device