Password for
Minecraft (Mojang)
Minecraft sign-in now runs through a Microsoft account, which requires a minimum of 8 characters with no upper length limit and accepts uppercase, lowercase, numbers and symbols — but the minimum is far too weak for a credential that owns your Minecraft licence, your worlds and skins, and, because it is a full Microsoft account, potentially Outlook email, OneDrive and a stored payment method too. The practical recommendation in 2026 is a 14-character random string drawing from all four character classes, which produces roughly 92 bits of entropy and is computationally infeasible to brute-force offline. Generate one below — it is created inside your browser using the Web Crypto API and never sent to a server. Since the same Microsoft account also covers Xbox and Game Pass, this one password guards several services. Pair it with Microsoft's two-step verification so a leaked password alone can never take over your account.
guesses / second
Minecraft (Mojang) password rules
Gaming accounts are frequently targeted for in-game items and linked payment cards. Use a unique, strong password and enable 2FA.
The maths is unforgiving. An 8-character password using only lowercase letters gives 26⁸ = roughly 209 billion combinations, which a single consumer GPU can exhaust in minutes, and even meeting the Microsoft account minimum across all four character classes only reaches about 52 bits — still recoverable in days offline. Only when you reach 12 characters with all four classes does the keyspace become genuinely impractical to attack offline. The 14-character mixed default this page generates puts you at roughly 92 bits of entropy — comfortably above the NIST SP 800-63B recommendation of 80 bits for high-value accounts, and well past the point where an offline cracking rig is worth running.
Why Minecraft (Mojang) accounts are targeted
Minecraft accounts are heavily targeted because the game's vast, often young player base reuses passwords freely, and a stolen account carries resale value through its game licence, capes and migrated Microsoft identity. Now that Minecraft logins are full Microsoft accounts, a successful takeover can also reach Xbox, email and a stored payment method, multiplying the payoff. The attack is credential stuffing rather than guessing: leaked email-and-password pairs from unrelated breaches are replayed against Microsoft's sign-in at scale, and reuse guarantees some land. A unique, high-entropy password is what stops a breach on some other site from handing over your Minecraft account and the Microsoft identity behind it.
Source for Minecraft (Mojang)'s password rules: Minecraft (Mojang)'s official help page.
Common questions about Minecraft (Mojang) passwords
More gaming password generators
View all →More tools
Reviewed by Marcin Lewandowski — product designer, 20+ years building digital products and privacy-respecting tools.
Last reviewed: . Reviewed quarterly; primary sources re-checked each review.