diff --git a/src/Utility/Security.php b/src/Utility/Security.php
index 89a79f746ba..52edd2be80a 100644
--- a/src/Utility/Security.php
+++ b/src/Utility/Security.php
@@ -136,11 +136,11 @@ public static function randomBytes($length)
     /**
      * Creates a secure random string.
      *
-     * @param int $length String length
+     * @param int $length String length. Default 64.
      * @return string
      * @since 3.6.0
      */
-    public static function randomString($length)
+    public static function randomString($length = 64)
     {
         return substr(
             bin2hex(Security::randomBytes(ceil($length / 2))),
diff --git a/tests/TestCase/Utility/SecurityTest.php b/tests/TestCase/Utility/SecurityTest.php
index 7061dc59d66..086d00cf2ed 100644
--- a/tests/TestCase/Utility/SecurityTest.php
+++ b/tests/TestCase/Utility/SecurityTest.php
@@ -344,7 +344,7 @@ public function testRandomString()
         $value = Security::randomString(7);
         $this->assertSame(7, strlen($value));
 
-        $value = Security::randomString(64);
+        $value = Security::randomString();
         $this->assertSame(64, strlen($value));
 
         $this->assertRegExp('/^[0-9a-f]+$/', $value, 'should return a ASCII string');