PasswordGenerator 3.0.0

.NET 8.0

dotnet add package PasswordGenerator --version 3.0.0

NuGet\Install-Package PasswordGenerator -Version 3.0.0

This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.

<PackageReference Include="PasswordGenerator" Version="3.0.0" />

For projects that support PackageReference, copy this XML node into the project file to reference the package.

<PackageVersion Include="PasswordGenerator" Version="3.0.0" />
                    

                            Directory.Packages.props

<PackageReference Include="PasswordGenerator" />
                    

                            Project file

For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.

paket add PasswordGenerator --version 3.0.0

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

#r "nuget: PasswordGenerator, 3.0.0"

#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.

#:package PasswordGenerator@3.0.0

#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package.

#addin nuget:?package=PasswordGenerator&version=3.0.0
                    

                            Install as a Cake Addin

#tool nuget:?package=PasswordGenerator&version=3.0.0
                    

                            Install as a Cake Tool

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

Password Generator

Password Logo

A cross-platform .NET library that generates cryptographically secure random passwords, passphrases, OTPs, API keys and readable identifiers. Configure it with a fluent API, ready-made presets (OWASP/NIST) or dependency injection — with async support and entropy estimation.

NuGet

Install via NuGet: Install-Package PasswordGenerator

Or click here to go to the package landing page

It targets net8.0 and net10.0, so it requires .NET 8 or later. If you need to run on .NET Framework or other older runtimes, use the 2.x line (which targets netstandard2.0).

Upgrading from 2.x? See the v2 → v3 migration guide. The v2 API still works; the one behavioural change is that invalid settings now throw (or use TryNext) instead of returning an error string as the "password".

Basic usage

The examples below assume using PasswordGenerator; (and, for the dependency-injection section, using Microsoft.Extensions.DependencyInjection;).

// By default, all character types are available and the length is 16.
// Returns a random password with the default settings.
var pwd = new Password();
var password = pwd.Next();

// Set the length. Must be between 4 and 256.
// Returns a password that is 32 characters long.
var pwd = new Password(32);
var password = pwd.Next();

// Choose which character types to include.
// Returns a 21-character password of lowercase and uppercase letters only.
var pwd = new Password(includeLowercase: true, includeUppercase: true, includeNumeric: false, includeSpecial: false, passwordLength: 21);
var password = pwd.Next();

Fluent usage

// Build up your requirements by chaining, e.g. .IncludeNumeric()
// Returns a numbers-only password with the default length of 16.
var pwd = new Password().IncludeNumeric();
var password = pwd.Next();

// Combine lower, upper and special characters the same way.
var pwd = new Password().IncludeLowercase().IncludeUppercase().IncludeSpecial();
var password = pwd.Next();

// As above, but with a length of 128.
var pwd = new Password(128).IncludeLowercase().IncludeUppercase().IncludeSpecial();
var password = pwd.Next();

// As above, but passing the length via LengthRequired().
var pwd = new Password().IncludeLowercase().IncludeUppercase().IncludeSpecial().LengthRequired(128);
var password = pwd.Next();

// Specify your own special characters.
var pwd = new Password().IncludeLowercase().IncludeUppercase().IncludeNumeric().IncludeSpecial("[]{}^_=");
var password = pwd.Next();

Presets

Ready-made starting points; later fluent calls still override them. See the standards mapping for the OWASP/NIST rationale.

string strong  = Password.ForOwasp().Next();            // full printable-ASCII pool, length 16
string nist    = Password.ForNist().Next();             // NIST-aligned, length 12
string otp     = Password.ForOtp(6).Next();             // 6-digit one-time code
string apiKey  = Password.ForApiKey(32).Next();         // URL-safe token
string envName = Password.ForEnvironmentName(12).Next();// readable id, no look-alike characters
string phrase  = Password.ForPassphrase(4).Next();      // e.g. "maple-river-quartz-bloom-42"
string strongPhrase = Password.ForPassphraseWithEntropy(80).Next(); // word count derived to clear 80 bits
string memorable = Password.ForMemorable().Next();      // capitalized, ~80+ bits, e.g. "Maple-River-Quartz-Bloom-Glade-Vivid-42"

ForPassphraseWithEntropy(targetBits) derives the word count needed to reach the target and enforces it as a floor. You can also pass minimumEntropyBits to ForPassphrase(...) to reject configurations that are too weak.

For sites that require a digit and a symbol, pass includeSymbol: true. A random symbol is attached to one randomly chosen word (e.g. maple-river#-quartz-bloom-42), so the phrase passes composition rules while staying memorable.

To omit the separator entirely, pass separator: null (or an empty string when binding from configuration); the words are concatenated directly, e.g. Password.ForPassphrase(4, separator: null).Next() → "mapleriverquartzbloom42". This does not change the passphrase's entropy — the separator is a fixed character and never contributes to strength — it only affects readability.

Quality controls

// Remove look-alike characters (I l 1 O 0 o)
var readable = new Password(20).ExcludeAmbiguous().Next();

// Guarantee at least N characters from a class.
// CharacterClass values: Lowercase, Uppercase, Numeric, Special.
var pwd = new Password(16).RequireAtLeast(CharacterClass.Numeric, 2).Next();

// Use a custom pool, or every printable ASCII character
var custom = new Password().WithCharacters("ABCDEF0123456789").LengthRequired(24).Next();
var ascii  = new Password().WithAllAscii().LengthRequired(40).Next();

// Estimate strength in bits
double bits = new Password(20).EstimateEntropyBits();

Error handling

// Next() throws ArgumentException when the settings can't produce a valid password.
var password = new Password(16).Next();

// TryNext() never throws; it returns false on invalid settings.
if (new Password(16).TryNext(out var result))
    Console.WriteLine(result);

Async and batches

Generate(count) returns a batch synchronously; the Async overloads return a ValueTask and honour a CancellationToken. The parameterless Generate() returns DefaultBatchCount passwords (1 by default; set the property to change it).

async Task ExampleAsync(CancellationToken cancellationToken)
{
    var pwd = new Password(16);

    string password            = await pwd.NextAsync(cancellationToken);
    IReadOnlyList<string> ten  = pwd.Generate(10);
    IReadOnlyList<string> ten2 = await pwd.GenerateAsync(10, cancellationToken);
}

Dependency injection

// Register once (optionally bind from appSettings.json)
services.AddPasswordGenerator(o =>
{
    o.Length = 20;
    o.IncludeSpecial = true;
    o.ExcludeAmbiguous = true;
});

// Inject IPasswordGenerator wherever you need it
public class SignupService(IPasswordGenerator generator)
{
    public string NewTempPassword() => generator.Next();
}

To register a passphrase generator instead, set the Passphrase options (or bind a Passphrase section from configuration):

services.AddPasswordGenerator(o =>
    o.Passphrase = new PassphraseOptions { WordCount = 6, Capitalize = true });

You can also bind from appSettings.json (code configuration still takes precedence over bound values, which in turn take precedence over the defaults):

{
  "PasswordGenerator": {
    "Length": 20,
    "IncludeSpecial": true,
    "ExcludeAmbiguous": true,
    "DefaultBatchCount": 5
  }
}

services.AddPasswordGenerator(config.GetSection("PasswordGenerator"));

Documentation

License & attribution

PasswordGenerator is licensed under the MIT License.

Passphrases are generated from the EFF Large Wordlist (7,776 words) by the Electronic Frontier Foundation, used under the Creative Commons Attribution 3.0 US license. See THIRD-PARTY-NOTICES.md for details.

Product	Compatible and additional computed target framework versions.
.NET	net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 was computed. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 is compatible. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed.

Product

.NET

Compatible target framework(s)

Included target framework(s) (in package)

Learn more about Target Frameworks and .NET Standard.

net10.0
- Microsoft.Extensions.Configuration.Binder (>= 10.0.8)
- Microsoft.Extensions.DependencyInjection.Abstractions (>= 10.0.8)
net8.0
- Microsoft.Extensions.Configuration.Binder (>= 10.0.8)
- Microsoft.Extensions.DependencyInjection.Abstractions (>= 10.0.8)

NuGet packages (19)

Showing the top 5 NuGet packages that depend on PasswordGenerator:

Package	Downloads
HexaEightJWTLibrary Create and Validate HexaEight JWT Tokens using this Libarary. This Library provides helper functions to implement HexaEight authenticated encryption and decryption of messages.	198.0K
FEB.ClusterAdmin.Models Package Description	90.4K
CocoriCore.Security Package Description	58.5K
DanSaul.SharedCode Package Description	31.6K
Modulytics.SharedKernel.Infrastructure Package Description	13.3K

GitHub repositories (3)

Showing the top 3 popular GitHub repositories that depend on PasswordGenerator:

Repository	Stars
Reaparr/Reaparr Plex downloader that brings content from any server to yours!	656
Crypto-Notepad/Crypto-Notepad 🔑 Simple notepad for Windows with encryption features	237
surveysolutions/surveysolutions Survey Solutions is a survey management and data collection system developed by the World Bank.	101

Version	Downloads	Last Updated
3.0.0	293	5/29/2026
3.0.0-beta02	95	5/27/2026
3.0.0-beta01	90	5/26/2026
2.1.0	10,359,129	1/4/2022
2.0.5	2,394,697	12/30/2019
2.0.4	18,152	12/16/2019
2.0.3	7,255	12/11/2019
2.0.2	5,005	12/9/2019
2.0.1	113,892	9/20/2019
2.0.0	21,402	9/4/2019
1.1.3	62,358	6/9/2019
1.1.2	77,258	11/16/2016
1.1.1	5,406	11/13/2016
1.1.0	5,368	11/13/2016
1.0.0	10,416	11/12/2016

3.0.0 is a major release: cryptographically secure RNG with unbiased sampling, exception/TryNext error handling, async APIs, dependency-injection support, presets (OWASP/NIST/OTP/API key/passphrase), custom pools, exclude-ambiguous, per-class minimums and entropy estimation. See the migration guide for upgrading from 2.x.