15-Character Password Generator
Generate a strong, random 15-character password instantly in your browser. Free, secure, nothing stored or transmitted.
Fifteen characters is the length NIST now points to as a recommended minimum for memorized secrets, and it sits in the zone where brute-force attacks stop being a realistic threat entirely. A random 15-character password drawn from the full set of uppercase letters, lowercase letters, numbers, and symbols carries roughly 96 bits of entropy — so far beyond any classical computer's reach that the only practical risks become phishing, malware, or a breach at the service itself, not guessing. Fifteen is also a useful target because many systems that struggle with very long passwords still accept it comfortably. This generator produces every character with cryptographic randomness from your browser's crypto.getRandomValues() API; no password is ever transmitted, logged, or stored. Because a truly random 15-character string is not memorable, generate it here, copy it, and keep it in a reputable password manager — one unique password per account.
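The selection step described above, as an added example rather than this site's own code: each character is drawn uniformly with crypto.getRandomValues(), and rejection sampling keeps any character from being favoured. The 85-character alphabet, the symbol set and the function names are assumptions; with that alphabet, 15 characters come to about 96 bits.

```javascript
// Added example; alphabet and function names are assumptions, not the site's code.
// Browsers and recent Node expose globalThis.crypto; older Node falls back to webcrypto.
const webCrypto = globalThis.crypto ??
  (typeof require === "function" ? require("node:crypto").webcrypto : undefined);

const UPPER = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
const LOWER = "abcdefghijklmnopqrstuvwxyz";
const DIGITS = "0123456789";
const SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?"; // 23 symbols (assumed set)
const ALPHABET = UPPER + LOWER + DIGITS + SYMBOLS; // 85 characters in total

// Entropy of a uniformly random password: length * log2(alphabet size).
function entropyBits(length, alphabetSize = ALPHABET.length) {
  return length * Math.log2(alphabetSize);
}

// `fill` is injectable so the sampling logic can be checked with known bytes;
// by default it is the CSPRNG. Math.random() must never be used here.
function generatePassword(length = 15, fill = (buf) => webCrypto.getRandomValues(buf)) {
  // 256 = 3 * 85 + 1, so a plain `byte % 85` would make index 0 slightly
  // more likely. Bytes >= limit (255) are discarded to keep the draw uniform.
  const limit = 256 - (256 % ALPHABET.length);
  const out = [];
  const buf = new Uint8Array(length * 2); // spare bytes cover rejected values
  while (out.length < length) {
    fill(buf);
    for (const byte of buf) {
      if (byte < limit && out.length < length) {
        out.push(ALPHABET[byte % ALPHABET.length]);
      }
    }
  }
  return out.join("");
}

const password = generatePassword();
console.log(password, `~${entropyBits(password.length).toFixed(1)} bits`);
```

Everything runs locally: the only input is the platform CSPRNG and nothing is sent over the network.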
Frequently Asked Questions
Why 15 characters specifically?
NIST’s updated SP 800-63B guidance recommends a 15-character minimum for memorized secrets, up from the older 8-character floor. Fifteen random characters with mixed types reach about 96 bits of entropy — effectively uncrackable by brute force — while still fitting within the length limits of virtually every service.
Is a 15-character password better than a 16-character one?
The difference between 15 and 16 characters is marginal: both are far beyond brute-force range. Choose 15 when a site or standard specifies it, or 16+ when you simply want the maximum margin. What matters far more than one character is that the password is fully random and unique to a single account.
Can a 15-character password be cracked?
Not by brute force. At roughly 96 bits of entropy the keyspace is astronomically large — an attacker testing 10 billion guesses per second would still need far longer than the age of the universe. The realistic risks are password reuse, phishing, and malware, none of which depend on length.
How long would a 15-character password take to crack?
At roughly 96 bits of entropy, brute force is hopeless: an attacker testing 10 billion guesses per second would need far longer than the age of the universe. Any realistic compromise would come from phishing, malware, or reuse — never from guessing.
Does 15 characters meet the latest NIST guidance?
Yes. NIST SP 800-63B's updated guidance recommends a 15-character minimum for memorized secrets, above the older 8-character floor, so a random 15-character password aligns with current best practice while staying compatible with virtually every service.
Should I use 15 characters everywhere?
It is an excellent default. Use 15 or more for any account that matters, and only go shorter when a site enforces a lower maximum. Store each one in a password manager so length never becomes an inconvenience.
Written & reviewed by Andrew Ivanov, Fractional CTO. Last reviewed .