diff --git a/CHANGELOG.md b/CHANGELOG.md
index c036a4b50930c222ad66d2f14a71fde663798c5b..7bb0cc59700172b87d2c824b06c553b00355c832 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased] ##
 
 ### Added ###
+- function in administration that generates passwords that comply with the
+  rules
 
 ### Changed ###
 
diff --git a/src/caosdb/common/administration.py b/src/caosdb/common/administration.py
index dff461e7fb0ed5270119907bd4ad859503b3ce21..cef0bd1cf6fceb9d8ec89324ba9ca540b79889cb 100644
--- a/src/caosdb/common/administration.py
+++ b/src/caosdb/common/administration.py
@@ -26,6 +26,9 @@
 
 """missing docstring."""
 
+import re
+import string
+import random
 from caosdb.common.utils import xml2str
 from caosdb.connection.connection import get_connection
 from caosdb.exceptions import (EntityDoesNotExistError, HTTPClientError,
@@ -56,7 +59,8 @@ def set_server_property(key, value):
         con._form_data_request(method="POST", path="_server_properties",
                                params={key: value}).read()
     except EntityDoesNotExistError:
-        raise ServerConfigurationException("Debug mode in server is probably disabled.") from None
+        raise ServerConfigurationException(
+            "Debug mode in server is probably disabled.") from None
 
 
 def get_server_properties():
@@ -71,9 +75,11 @@ def get_server_properties():
     """
     con = get_connection()
     try:
-        body = con._http_request(method="GET", path="_server_properties").response
+        body = con._http_request(
+            method="GET", path="_server_properties").response
     except EntityDoesNotExistError:
-        raise ServerConfigurationException("Debug mode in server is probably disabled.") from None
+        raise ServerConfigurationException(
+            "Debug mode in server is probably disabled.") from None
 
     xml = etree.parse(body)
     props = dict()
@@ -108,6 +114,39 @@ def get_server_property(key):
     return get_server_properties()[key]
 
 
+def generate_password(length: int):
+    """Create a random password that fulfills the security requirements
+
+    Parameters
+    ----------
+    length : int
+        Length of the generated password.  Has to be greater than 7.
+
+    Returns
+    -------
+    password : string
+        Generated random password of the given length
+
+    Raises
+    ------
+    ValueError:
+        If the length is less than 8.
+    """
+    minimum_password_length = 8
+    if length < minimum_password_length:
+        raise ValueError("CaosDB passwords have to be at least {} characters.".format(
+            minimum_password_length))
+    sample_letters = string.ascii_letters + string.digits + "!#$%*+-/:;?_"
+    password = ''.join((random.choice(sample_letters) for i in range(length)))
+
+    while not re.match(r"(?=.*[A-Z])(?=.*[a-z])(?=.*\d)(?=.*[\W_]).{8,}",
+                       password):
+        password = ''.join((random.choice(sample_letters)
+                            for i in range(length)))
+
+    return password
+
+
 def _retrieve_user(name, realm=None, **kwargs):
     con = get_connection()
     try: