diff --git a/genpass.module b/genpass.module
index b35b1d9..5d31623 100644
--- a/genpass.module
+++ b/genpass.module
@@ -26,17 +26,16 @@ function genpass_generate() {
 }
 
 /**
- * Generate a new password using genpass's internal password generation
- * algorithm.
- * Based on the original D6 user_password function (with more characters)
+ * Generates random password.
  *
- * @return a fresh password according to the settings made in /admin/user/settings
+ * @see user_password()
  *
- * @see genpass_form_alter()
+ * @return string
+ *   The random string.
  */
 function genpass_password() {
   $pass = '';
-  $length = variable_get('genpass_length', 8);
+  $length = variable_get('genpass_length', 12);
   $allowable_characters = variable_get('genpass_entropy', _genpass_default_entropy());
 
   // Zero-based count of characters in the allowable list:
@@ -44,9 +43,14 @@ function genpass_password() {
 
   // Loop the number of times specified by $length.
   for ($i = 0; $i < $length; $i++) {
+    do {
+      // Find a secure random number within the range needed.
+      $index = ord(drupal_random_bytes(1));
+    } while ($index > $len);
+
     // Each iteration, pick a random character from the
     // allowable string and append it to the password:
-    $pass .= $allowable_characters[mt_rand(0, $len)];
+    $pass .= $allowable_characters[$index];
   }
 
   return $pass;
@@ -90,7 +94,7 @@ function genpass_form_alter(&$form, $form_state, $form_id) {
       $form['registration']['genpass_length'] = array(
         '#type' => 'textfield',
         '#title' => t('Generated password length'),
-        '#default_value' => variable_get('genpass_length', 8),
+        '#default_value' => variable_get('genpass_length', 12),
         '#size' => 2,
         '#maxlength' => 2,
         '#description' => t('Set the length of generated passwords here. Allowed range: 5 to 32.'),