Have I Been Pwned Password Requirements and Generator
Password Rules for Have I Been Pwned
Password rules for Have I Been Pwned have not been verified yet. Using default settings — your password will still be strong and secure.
Generate a Password for Have I Been Pwned
Standard mixed-character password with uppercase, lowercase, numbers, and symbols.
or press Space when focused
Reset to defaults
Rules last verified: May 16, 2026
Frequently Asked Questions about Have I Been Pwned
- What are the password requirements for Have I Been Pwned?
- Have I Been Pwned's exact password requirements have not been verified yet. Most services require at least 8 characters with a mix of letters and numbers — the PassTailor generator above will produce a strong, broadly compatible password.
- How long should my Have I Been Pwned password be?
- We recommend at least 16 characters for any account. Have I Been Pwned's exact length limits are not yet verified.
- Does Have I Been Pwned allow special characters in passwords?
- Have I Been Pwned's symbol policy hasn't been confirmed. The generator above defaults to widely-accepted symbols like ! @ # $ % & * to maximize compatibility.
- How do I generate a strong password for Have I Been Pwned?
- Use the password generator on this page — it's already configured to match Have I Been Pwned's rules. Click "Generate Password" and copy the result. For maximum security pick a length of 16 or more.
- Is the PassTailor generator safe to use for Have I Been Pwned?
- Yes. Passwords are generated entirely in your browser using the cryptographically secure Web Crypto API. Nothing is sent to our servers and nothing is stored.
