
Using a Password Generator to Create Strong Passwords

Using a password generator to create a secure password is part of a broad approach to securing access to corporate apps, devices, and data. The password is synonymous with internet use, so much so that according to Nord researchers, the average number of passwords each of us has to remember is 70-80. Even when biometrics are used for login, a password or PIN is the fallback recovery when the biometric system fails.

Password reuse is a known workaround for multiple passwords. This is understandable, as creating strong passwords for sites with varying password policies and then remembering them can cause cognitive overload.

What is a Strong Password?

When cyber security professionals talk about a “strong password” or “password strength,” they are referring to how easy (or hard) it is for a cybercriminal to break the password. You can use an online password strength checker to see how long it would take to crack a common password.

Here is an example of common passwords and how ‘strong’ they are, aka how long it takes to crack them:

Top three most common passwords according to the latest research from DashLane (September 2022):

  1. password (instant)
  2. 123456 (instant)
  3. 123456789 (instant)

The time to crack each password is in brackets: information from NordPass.

A strong password should be unpredictable, more than ten characters long, and composed of a mix of uppercase and lowercase letters, numbers, and special characters. For example, wE4!*tHokl94! would take 31 years to crack. However, imagine creating 70 new passwords using that format, all unique, and then having to remember them all.

Why Use a Password Generator

Our passwords must be held sacrosanct: the password is the gateway into corporate and personal data, and its compromise leads to various harmful cyber security incidents, including ransomware infection, data exposure, and malware infection of devices and networks.

Passwords are used because they are understandable. But the issue is that passwords are more complex to use than they first appear, and inherent usability issues cause security gaps. In addition, as noted above, we must remember many passwords to interact with technology. The result is that many of us use workarounds or ‘hacks.’

Finding hacks to make life and work easier is commonplace and understandable for busy people with multiple logins across devices, apps, and other network resources. Reusing passwords is a hack that helps employees cope with the tsunami of passwords used at work and home; employees use the same password for different accounts. Sharing passwords or writing them down in plain sight are other forms of password misuse born of having multiple passwords.

Remote working compounds the issue of password misuse. One 2022 study found that 62% of employees share passwords via text or email. The same research relates alarming statistics around password negligence, including 57% admitting to writing work-related online passwords on “sticky notes” and 67% of those individuals then losing these notes.

With 50% of cyber attacks involving stolen login credentials, keeping passwords safe and making them as strong as possible is a critical part of a cyber-secure organisation.

Poor password hygiene, such as writing a password down, cannot be blamed on the individual: with so many unique passwords to remember, this tactic may be the only way to cope. One alternative that helps employees cope with numerous passwords while generating strong passwords is a password generator.

How a Password Generator Works

You may already have experience using a password manager when you are asked to complete a password during account registration. Browsers such as Chrome and Safari have integral password generators. Password managers create secure passwords using one of three methods to generate a random password:

  • Pseudo-random number generator (PRNG): the computer uses an algorithm to generate the seed that forms the random password.
  • True random number generator (TRNG): uses a physical source such as the radioactive decay of isotopes to generate the seed.
  • Cryptographically secure pseudo-random number generator (CSPRNG): a type of PRNG suitable for cryptographic use.

The random numbers generated are used to seed the creation of a password and password length. To secure the generation of the resultant password, a robust password generator typically uses hash functions or block ciphers (e.g., AES), which act to prevent a variety of attacks that could make the passwords insecure.

Commercial password generators, including browser-based software, typically store the passwords ready for use when the user attempts to log in to a website. At that point, the generator will provide access to the password or may prefill the password field on the login page. As such, password generators create robust, secure passwords and can also help manage those passwords.

Password Generation and Security Awareness

Even the robust passwords created by a password generator are at risk from poor password hygiene. For example, even a password such as wE4!*tHokl94!, which would take 31 years to crack, is worthless if it is phished, stolen in a brute force attack or lost and found by a hacker. A password generator will create strong passwords that are complex and difficult to crack and will help to alleviate the need to remember countless passwords. However, their use must be shored up by good security behaviour.

Employees must be trained in password hygiene to avoid sharing passwords, writing them down on pieces of paper, or leaving their computers or devices logged in when they are away from their desks. However, a password manager can provide a useful tool to help enforce password hygiene and encourage and train employees about the importance of strong passwords.
