diff --git a/password/.gitignore b/password/.gitignore
new file mode 100644
index 0000000..c2f3b56
--- /dev/null
+++ b/password/.gitignore
@@ -0,0 +1,2 @@
+
+password
diff --git a/password/Dockerfile b/password/Dockerfile
new file mode 100644
index 0000000..134cb2c
--- /dev/null
+++ b/password/Dockerfile
@@ -0,0 +1,3 @@
+FROM alpine
+ADD password /password
+ENTRYPOINT [ "/password" ]
diff --git a/password/Makefile b/password/Makefile
new file mode 100644
index 0000000..34c1e2b
--- /dev/null
+++ b/password/Makefile
@@ -0,0 +1,27 @@
+
+GOPATH:=$(shell go env GOPATH)
+.PHONY: init
+init:
+	go install github.com/golang/protobuf/protoc-gen-go@latest
+	go install github.com/micro/micro/v3/cmd/protoc-gen-micro@latest
+	go install github.com/micro/micro/v3/cmd/protoc-gen-openapi@latest
+
+.PHONY: api
+api:
+	protoc --openapi_out=. --proto_path=. proto/password.proto
+
+.PHONY: proto
+proto:
+	protoc --proto_path=. --micro_out=. --go_out=:. proto/password.proto
+	
+.PHONY: build
+build:
+	go build -o password *.go
+
+.PHONY: test
+test:
+	go test -v ./... -cover
+
+.PHONY: docker
+docker:
+	docker build . -t password:latest
diff --git a/password/README.md b/password/README.md
new file mode 100644
index 0000000..f646ffa
--- /dev/null
+++ b/password/README.md
@@ -0,0 +1,6 @@
+Generate strong passwords
+
+# Password Service
+
+Generate strong passwords used for signing up to services. Optionally specify length, 
+whether to include numbers, symbols and upper or lowercase characters.
diff --git a/password/examples.json b/password/examples.json
new file mode 100644
index 0000000..9b5a6cf
--- /dev/null
+++ b/password/examples.json
@@ -0,0 +1,14 @@
+
+{
+    "generate": [{
+        "title": "Generate password",
+        "description": "Generate a strong password",
+        "run_check": false,
+        "request": {
+            "length": 16
+        },
+        "response": {
+            "password": "jSUHz74x8qW#aXRe"
+        }
+    }]
+}
diff --git a/password/generate.go b/password/generate.go
new file mode 100644
index 0000000..96f431a
--- /dev/null
+++ b/password/generate.go
@@ -0,0 +1,2 @@
+package main
+//go:generate make proto
diff --git a/password/handler/password.go b/password/handler/password.go
new file mode 100644
index 0000000..c236f2d
--- /dev/null
+++ b/password/handler/password.go
@@ -0,0 +1,49 @@
+package handler
+
+import (
+	"context"
+	"crypto/rand"
+
+	pb "github.com/micro/services/password/proto"
+)
+
+
+var (
+	minLength = 8
+
+	special = "!@#$%&*"
+	numbers = "0123456789"
+	lowercase = "abcdefghijklmnopqrstuvwxyz"
+	uppercase = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+	allChars = special + numbers + lowercase + uppercase
+)
+
+func random(chars string, i int) string {
+        bytes := make([]byte, i)
+
+        for {
+                rand.Read(bytes)
+                for i, b := range bytes {
+                        bytes[i] = chars[b%byte(len(chars))]
+                }
+		break
+        }
+
+        return string(bytes)
+}
+
+
+type Password struct{}
+
+func (p *Password) Generate(ctx context.Context, req *pb.GenerateRequest, rsp *pb.GenerateResponse) error {
+	if req.Length <= 0 {
+		req.Length = int32(minLength)
+	}
+
+	// TODO; allow user to specify types of characters
+
+	// generate and return password
+	rsp.Password = random(allChars, int(req.Length))
+
+	return nil
+}
diff --git a/password/main.go b/password/main.go
new file mode 100644
index 0000000..8a2bc0f
--- /dev/null
+++ b/password/main.go
@@ -0,0 +1,25 @@
+package main
+
+import (
+	"github.com/micro/services/password/handler"
+	pb "github.com/micro/services/password/proto"
+
+	"github.com/micro/micro/v3/service"
+	"github.com/micro/micro/v3/service/logger"
+)
+
+func main() {
+	// Create service
+	srv := service.New(
+		service.Name("password"),
+		service.Version("latest"),
+	)
+
+	// Register handler
+	pb.RegisterPasswordHandler(srv.Server(), new(handler.Password))
+
+	// Run service
+	if err := srv.Run(); err != nil {
+		logger.Fatal(err)
+	}
+}
diff --git a/password/micro.mu b/password/micro.mu
new file mode 100644
index 0000000..667cbe7
--- /dev/null
+++ b/password/micro.mu
@@ -0,0 +1 @@
+service password
diff --git a/password/proto/password.pb.go b/password/proto/password.pb.go
new file mode 100644
index 0000000..5c7531a
--- /dev/null
+++ b/password/proto/password.pb.go
@@ -0,0 +1,216 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.27.1
+// 	protoc        v3.15.6
+// source: proto/password.proto
+
+package password
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// Generate a strong random password
+type GenerateRequest struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// password length; defaults to 16 chars
+	Length int32 `protobuf:"varint,1,opt,name=length,proto3" json:"length,omitempty"`
+}
+
+func (x *GenerateRequest) Reset() {
+	*x = GenerateRequest{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_proto_password_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *GenerateRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GenerateRequest) ProtoMessage() {}
+
+func (x *GenerateRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_proto_password_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GenerateRequest.ProtoReflect.Descriptor instead.
+func (*GenerateRequest) Descriptor() ([]byte, []int) {
+	return file_proto_password_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *GenerateRequest) GetLength() int32 {
+	if x != nil {
+		return x.Length
+	}
+	return 0
+}
+
+type GenerateResponse struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The generated password
+	Password string `protobuf:"bytes,1,opt,name=password,proto3" json:"password,omitempty"`
+}
+
+func (x *GenerateResponse) Reset() {
+	*x = GenerateResponse{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_proto_password_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *GenerateResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GenerateResponse) ProtoMessage() {}
+
+func (x *GenerateResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_proto_password_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GenerateResponse.ProtoReflect.Descriptor instead.
+func (*GenerateResponse) Descriptor() ([]byte, []int) {
+	return file_proto_password_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *GenerateResponse) GetPassword() string {
+	if x != nil {
+		return x.Password
+	}
+	return ""
+}
+
+var File_proto_password_proto protoreflect.FileDescriptor
+
+var file_proto_password_proto_rawDesc = []byte{
+	0x0a, 0x14, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64,
+	0x22, 0x29, 0x0a, 0x0f, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75,
+	0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x6c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x05, 0x52, 0x06, 0x6c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x22, 0x2e, 0x0a, 0x10, 0x47,
+	0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12,
+	0x1a, 0x0a, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x32, 0x4f, 0x0a, 0x08, 0x50,
+	0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x12, 0x43, 0x0a, 0x08, 0x47, 0x65, 0x6e, 0x65, 0x72,
+	0x61, 0x74, 0x65, 0x12, 0x19, 0x2e, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x2e, 0x47,
+	0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1a,
+	0x2e, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61,
+	0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0x12, 0x5a, 0x10,
+	0x2e, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x3b, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64,
+	0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_proto_password_proto_rawDescOnce sync.Once
+	file_proto_password_proto_rawDescData = file_proto_password_proto_rawDesc
+)
+
+func file_proto_password_proto_rawDescGZIP() []byte {
+	file_proto_password_proto_rawDescOnce.Do(func() {
+		file_proto_password_proto_rawDescData = protoimpl.X.CompressGZIP(file_proto_password_proto_rawDescData)
+	})
+	return file_proto_password_proto_rawDescData
+}
+
+var file_proto_password_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
+var file_proto_password_proto_goTypes = []interface{}{
+	(*GenerateRequest)(nil),  // 0: password.GenerateRequest
+	(*GenerateResponse)(nil), // 1: password.GenerateResponse
+}
+var file_proto_password_proto_depIdxs = []int32{
+	0, // 0: password.Password.Generate:input_type -> password.GenerateRequest
+	1, // 1: password.Password.Generate:output_type -> password.GenerateResponse
+	1, // [1:2] is the sub-list for method output_type
+	0, // [0:1] is the sub-list for method input_type
+	0, // [0:0] is the sub-list for extension type_name
+	0, // [0:0] is the sub-list for extension extendee
+	0, // [0:0] is the sub-list for field type_name
+}
+
+func init() { file_proto_password_proto_init() }
+func file_proto_password_proto_init() {
+	if File_proto_password_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_proto_password_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*GenerateRequest); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_proto_password_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*GenerateResponse); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_proto_password_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   2,
+			NumExtensions: 0,
+			NumServices:   1,
+		},
+		GoTypes:           file_proto_password_proto_goTypes,
+		DependencyIndexes: file_proto_password_proto_depIdxs,
+		MessageInfos:      file_proto_password_proto_msgTypes,
+	}.Build()
+	File_proto_password_proto = out.File
+	file_proto_password_proto_rawDesc = nil
+	file_proto_password_proto_goTypes = nil
+	file_proto_password_proto_depIdxs = nil
+}
diff --git a/password/proto/password.pb.micro.go b/password/proto/password.pb.micro.go
new file mode 100644
index 0000000..26afc7e
--- /dev/null
+++ b/password/proto/password.pb.micro.go
@@ -0,0 +1,93 @@
+// Code generated by protoc-gen-micro. DO NOT EDIT.
+// source: proto/password.proto
+
+package password
+
+import (
+	fmt "fmt"
+	proto "github.com/golang/protobuf/proto"
+	math "math"
+)
+
+import (
+	context "context"
+	api "github.com/micro/micro/v3/service/api"
+	client "github.com/micro/micro/v3/service/client"
+	server "github.com/micro/micro/v3/service/server"
+)
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ = proto.Marshal
+var _ = fmt.Errorf
+var _ = math.Inf
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ api.Endpoint
+var _ context.Context
+var _ client.Option
+var _ server.Option
+
+// Api Endpoints for Password service
+
+func NewPasswordEndpoints() []*api.Endpoint {
+	return []*api.Endpoint{}
+}
+
+// Client API for Password service
+
+type PasswordService interface {
+	Generate(ctx context.Context, in *GenerateRequest, opts ...client.CallOption) (*GenerateResponse, error)
+}
+
+type passwordService struct {
+	c    client.Client
+	name string
+}
+
+func NewPasswordService(name string, c client.Client) PasswordService {
+	return &passwordService{
+		c:    c,
+		name: name,
+	}
+}
+
+func (c *passwordService) Generate(ctx context.Context, in *GenerateRequest, opts ...client.CallOption) (*GenerateResponse, error) {
+	req := c.c.NewRequest(c.name, "Password.Generate", in)
+	out := new(GenerateResponse)
+	err := c.c.Call(ctx, req, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// Server API for Password service
+
+type PasswordHandler interface {
+	Generate(context.Context, *GenerateRequest, *GenerateResponse) error
+}
+
+func RegisterPasswordHandler(s server.Server, hdlr PasswordHandler, opts ...server.HandlerOption) error {
+	type password interface {
+		Generate(ctx context.Context, in *GenerateRequest, out *GenerateResponse) error
+	}
+	type Password struct {
+		password
+	}
+	h := &passwordHandler{hdlr}
+	return s.Handle(s.NewHandler(&Password{h}, opts...))
+}
+
+type passwordHandler struct {
+	PasswordHandler
+}
+
+func (h *passwordHandler) Generate(ctx context.Context, in *GenerateRequest, out *GenerateResponse) error {
+	return h.PasswordHandler.Generate(ctx, in, out)
+}
diff --git a/password/proto/password.proto b/password/proto/password.proto
new file mode 100644
index 0000000..728e935
--- /dev/null
+++ b/password/proto/password.proto
@@ -0,0 +1,22 @@
+syntax = "proto3";
+
+package password;
+
+option go_package = "./proto;password";
+
+service Password {
+	rpc Generate(GenerateRequest) returns (GenerateResponse) {}
+}
+
+// Generate a strong random password
+message GenerateRequest {
+	// password length; defaults to 16 chars
+	int32 length = 1;
+}
+
+message GenerateResponse {
+	// The generated password
+	string password = 1;
+}
+
+
diff --git a/password/publicapi.json b/password/publicapi.json
new file mode 100644
index 0000000..725af30
--- /dev/null
+++ b/password/publicapi.json
@@ -0,0 +1,6 @@
+{
+  "name": "password",
+  "icon": "🔑",
+  "category": "authentication",
+  "display_name": "Passwords"
+}