NHS Login Password Requirements and Generator
Password Rules for NHS Login
- Length: At least 12 characters
- Uppercase letters required (A-Z)
- Lowercase letters required (a-z)
- Numbers required (0-9)
- Special characters required
- Allowed symbols:
#£$&*?"%@ - Note: At least two special characters or non-alphanumeric characters required. Two numbers required. At least two upper and two lower-case characters required. Password must be changed every 90 days. Cannot reuse any of the last 24 passwords.
Generate a Password for NHS Login
Standard mixed-character password with uppercase, lowercase, numbers, and symbols.
or press Space when focused
Reset to defaults
Detailed Requirements
| Rule | Value |
|---|---|
| Minimum Length | 12 characters |
| Uppercase Required | Yes |
| Lowercase Required | Yes |
| Numbers Required | Yes |
| Symbols Required | Yes |
| Allowed Symbols | #£$&*?"%@ |
| Notes | At least two special characters or non-alphanumeric characters required. Two numbers required. At least two upper and two lower-case characters required. Password must be changed every 90 days. Cannot reuse any of the last 24 passwords. |
Rules last verified: June 25, 2026
Frequently Asked Questions about NHS Login
- What are the password requirements for NHS Login?
- For NHS Login, passwords must be at least 12 characters, and you must include an uppercase letter, a lowercase letter, a number, a symbol.
- How long should my NHS Login password be?
- NHS Login requires a minimum of 12 characters. Aim for 16+ characters for strong security.
- Does NHS Login allow special characters in passwords?
- NHS Login requires at least one special character. Allowed symbols: #£$&*?"%@.
- How do I generate a strong password for NHS Login?
- Use the password generator on this page — it's already configured to match NHS Login's rules. Click "Generate Password" and copy the result. For maximum security pick a length of 16 or more.
- Is the PassTailor generator safe to use for NHS Login?
- Yes. Passwords are generated entirely in your browser using the cryptographically secure Web Crypto API. Nothing is sent to our servers and nothing is stored.