A Quick Guide to Using Random Password Generators
The need for passwords is an unavoidable fact of modern life. We require passwords for a huge range of apps and programs, many of them crucial to our day-to-day lives. Everything from unlocking our phone to accessing our email and banking accounts necessitates the use of an individual password. It is not surprising that many people feel overwhelmed! We all struggle with the task of having to create hundreds of unique passwords.
The benefits of password managers
Often, people simply have the same password for a range of uses. They may also come up with obvious passwords that are easy to remember. This system is certainly simpler than creating complicated passwords. But it also leaves the user vulnerable to hackers. Nobody wants strangers to be able to read their email or access their banking details! It is no wonder the average person finds it hard to cope. One solution to the problem is to use a password manager. A password manager can generate all the unique passwords you will ever need.
Random password generators
Password manager programs will generally feature a random password generator component. This means the user doesn’t have to come up with secure passwords by themselves. Installing a program with a random password generator is a great way to enhance your online security. It also protects your personal and financial information from hackers. Not all random password generators are the same. It pays to have some understanding of how they work, so you will know what to look for when choosing a password manager.
In this article, we will give you a quick overview of how random password generators work and what you need to keep an eye out for when choosing a password manager.
What are random password generators?
A random password generator is usually a software program that people use to create unique passwords. They take the work out of having to come up with complicated passwords. In combination with a password manager, random password generators can help people to better manage their passwords and maintain a high level of online security.
There are hundreds of random password generators available to use online or to download. Some are free; others require a fee. Most random password generators let the user set the parameters. You can choose to create a password that contains a mix of symbols, numbers, lowercase characters, uppercase characters, and so on.
Types of random number generators
There are three types of random number generators:
- Pseudo-random number generators — Most online and offline random password generator applications fall into this category.
- True random number generators — These are usually hardware devices that use unpredictable processes to generate number sequences.
- Cryptographically secure pseudorandom number generators — A pseudo-random number generator that produces highly secure passwords.
Are random number generators really ‘random’?
Okay, that should give you a good idea of what random number generators are. Now let’s take a look at how these applications actually work.
Take a look at the below passwords:
Pretty complicated, right? It is fairly unlikely that you could come up with these types of passwords yourself. There is no real relationship between them, no similarities. They all seem, well, random, yes?
Well, no. Actually, it turns out that the passwords our so-called random number generators generate aren’t so random after all. A result must be generated in a way that is without a specific objective, direction, method, or rule to be truly classified as ‘random’. So, because computers use algorithms and rules to generate passwords, the passwords they create are not, by strict definition, random. This is why they are classified as ‘pseudo-random’: the results a computer gives appear random but, in fact, are not.
How do random password generators work?
To create their ‘random but not really’ passwords, random password generators use a pseudo-random algorithm. Here is how the process works. First, the algorithm creates what is called a ‘seed number’, which is used to kick everything off. The algorithm uses this seed number to produce a new number that has no apparent connection to the first one. This new number then serves as the next seed, and the cycle repeats. Until every other possible number has been used by the algorithm, the initial seed will not be used again. This process means that a password algorithm can generate millions of combinations before having to repeat itself.
The vast majority of online random password generators work using this method. And for the most part, it is perfectly fine and provides a good level of security. However, clever hackers have in the past managed to reverse engineer pseudo-random number algorithms and have used this information to gain account passwords and hack slot machines. It must be said that this is extremely rare. The average person will simply not be subject to these kinds of highly specialized, coordinated cyberattacks.
Cryptographically secure pseudorandom number generators, referred to by the acronym CSPRNGs, are used to protect against these kinds of reverse engineering hacks. CSPRNGs add complex cryptographic functions and ciphers to the pseudo-random algorithm. There are also programs that incorporate true random number generators into the algorithm to provide added security. This is done by having the user themselves initiate an unpredictable outcome, sometimes by using their mouse to select numbers that are cascading down the screen, or by using atmospheric noise to create selections.
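The difference between a seeded pseudo-random generator and a CSPRNG, as an added Python example (not code from this article or from any particular password manager): the same seed always reproduces the same password, while Python's secrets module draws every character from the operating system's CSPRNG. The 82-character pool, the symbol set and the function names are assumptions made for the illustration.

```python
import random
import secrets
import string

# Assumed pool: 26 lowercase + 26 uppercase + 10 digits + 20 symbols = 82.
SYMBOLS = "!#$%&*+-/:;<=>?@^_~|"
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)
POOL = "".join(CLASSES)


def weak_password(seed, length=16):
    """Weak: Mersenne Twister started from a guessable seed (e.g. a timestamp).
    Anyone who learns or guesses the seed regenerates the same password."""
    rng = random.Random(seed)
    return "".join(rng.choice(POOL) for _ in range(length))


def secure_password(length=16):
    """Hardened: every character is drawn from the operating system's CSPRNG."""
    return "".join(secrets.choice(POOL) for _ in range(length))


def secure_password_all_classes(length=16):
    """Redraw whole passwords until every class appears, which keeps the
    result uniform over the passwords that satisfy the rule."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every class")
    while True:
        candidate = secure_password(length)
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


if __name__ == "__main__":
    seed = 1700000000  # constructed value standing in for a creation time
    print("weak, run 1:", weak_password(seed))
    print("weak, run 2:", weak_password(seed))  # identical to run 1
    print("secure     :", secure_password())
    print("all classes:", secure_password_all_classes())
```

When reviewing a password generator's source, a call into a general-purpose random library where a CSPRNG interface should be is the thing to look for.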
What to look for in a random password generator
There are literally thousands of random password generators and password manager apps available on the web. Some cost money, and some are free. The first step in choosing a password manager or random password generator is to decide on the level of security you require.
For the majority of everyday users, pseudo-random number generators are perfectly fine. The passwords produced by these algorithms are highly secure and will stand up to the majority of hacker attempts. If you want to have an increased security level, then you may choose to use a program that incorporates real-world randomization techniques.
Cryptographically secure pseudorandom number generators are ideal for users that are especially concerned about their security. Make sure you check what random password generator your chosen password manager uses.
Online password generators
We would also add a word of caution about using online password generators. Quite often these sites have not been set up in good faith. Often, the passwords generated are not as ‘random’ as they appear to be. It can be the case that an online password generator has been created by a hacker and is being used as a phishing tool to get user data. Always make sure you are using a reputable application. While there are many online apps for free that are safe, there are also bad actors. A better option than just using a free online tool is to pay a subscription fee and download an app that has been recommended and rated highly by reputable sources.
How to create a secure password
Let us assume that you now have your app of choice, be it an online tool or downloadable software. The first process in creating passwords will be to choose your parameters. There are ways to increase the strength of your password. It is advisable to always use the maximum number of parameters available. There are only a few good reasons to restrict parameters, for instance if you are creating a password for a site or an app that does not accept certain characters.
Generally speaking, you will be able to choose from a range of characters that will include 26 lowercase letters, 26 uppercase letters, and 10 numbers. The number of special characters (characters such as # / % $ and so forth) will vary depending on the program that you are using. If, for instance, there are 20 special characters to choose from, you will be able to create passwords from a group of 82 possible characters in total. If your chosen password has a total number of 8 characters, then the possible combinations amount to 82 to the eighth power, which results in over two quadrillion possibilities!
How many options are enough?
That sounds like a lot of passwords, and it is. The only way a hacker could penetrate this system is if you chose a password of a smaller length, say a four-character password instead of an eight-character one. An 82-character pool will result in over 41 million possible combinations that can be created for a four-character password. However, some random password generators force users to use all character types.
If a hacker knows this is a requirement, they can slim down the available options considerably. In this system, there will be 82 available options for the first character. If it is an uppercase letter, instead of having 82 options for the second character the pool will be only 56. Using each character type shrinks the available pool of characters.
Four characters are generally not good enough
In a four-character password, that means your 41 million possible passwords can shrink to a little over a million. While this is still a big number, a determined hacker can break this encryption relatively quickly using specialized software. It takes just under a day to crack most simple four-character passwords online. If a hacker can use offline methods to bombard the password with guesses, then modern software can crack a four-character password in just seconds!
The longer the password the better
The solution is to always choose longer passwords. If you use a shorter password, you may miss out on at least 97% of the available options! Many experts recommend that passwords should be at least eight characters long, but for added security, you can build a password of 16 characters. You can make it as complicated as possible because the password manager will remember it for you!
There are many online tools you can use to check the strength of your passwords. In this case, we are using the Password Haystack Calculator from the Gibson Research Corporation site. (Tip: don’t use active passwords when using this or similar apps).
Let’s look at a few examples now.
Six character passwords
A six-character password like “c2D}2C” would take over 23 years to crack using online methods of a thousand guesses per second. With offline methods that incorporate one hundred billion guesses a second, the same password could be cracked in just 7.43 seconds. Ramp that up with a massive attack of one hundred trillion guesses per second and this password falls in just 0.00743 seconds.
Eight character passwords
An eight-character password like “RsA5vW#t” would take over 2 centuries to crack using online methods of a thousand guesses per second. Offline, this password could be cracked in a little over 18 hours at one hundred billion guesses a second. This password is broken in a little over a minute at one hundred trillion guesses per second.
Okay. Let’s move up to the next stage.
Sixteen character passwords
A 16 character password like “#%y5’DAMfUsB6” would take over 14 million trillion centuries to crack using online methods of a thousand guesses per second. The faster offline method of one hundred billion guesses a second is still going to take 1.41 hundred billion centuries to guess the right password. Even with the massive cracking array scenario at one hundred trillion guesses per second, breaking this password is still going to take a staggering 1.41 hundred million centuries.
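The counting behind the character-pool discussion and the crack-time examples above, as an added Python example that is not part of the original article: it counts exactly how many passwords remain when every character type is required (by inclusion-exclusion) and converts a search space into time at the three guess rates quoted. Assumptions: the class sizes are the article's 26/26/10/20 example, and the crack-time figures are modelled with a 95-character printable ASCII alphabet counting every length up to the one given, which reproduces the six-character figures; the function names are illustrative.

```python
from itertools import combinations

# Class sizes from the article's example: lower, upper, digits, 20 symbols.
CLASS_SIZES = (26, 26, 10, 20)

# Guess rates quoted in the article, in guesses per second.
RATES = {"online": 1e3, "offline": 1e11, "massive array": 1e14}


def total_passwords(length, sizes=CLASS_SIZES):
    """All strings of exactly `length` characters over the full pool."""
    return sum(sizes) ** length


def passwords_with_every_class(length, sizes=CLASS_SIZES):
    """Exact count of strings containing at least one character of each
    class, by inclusion-exclusion over the classes that are left out."""
    pool = sum(sizes)
    count = 0
    for k in range(len(sizes) + 1):
        for left_out in combinations(sizes, k):
            count += (-1) ** k * (pool - sum(left_out)) ** length
    return count


def search_space_up_to(alphabet, length):
    """Strings of length 1..length, as an exhaustive search would try them."""
    return sum(alphabet ** n for n in range(1, length + 1))


def seconds_to_exhaust(space, guesses_per_second):
    """Worst-case time to try every candidate at a fixed guess rate."""
    return space / guesses_per_second


if __name__ == "__main__":
    for length in (4, 8, 16):
        kept = passwords_with_every_class(length) / total_passwords(length)
        print(f"length {length:2}: {total_passwords(length):.3e} total, "
              f"{kept:.1%} remain when every class is required")
    # Assumption: 95 printable ASCII characters, all lengths up to n.
    for length in (6, 8, 16):
        space = search_space_up_to(95, length)
        for name, rate in RATES.items():
            print(f"{length:2} chars, {name}: "
                  f"{seconds_to_exhaust(space, rate):.3g} s")
```

Running it shows how the cost of requiring every character type falls as the password gets longer.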
The bottom line
Using a password manager with a built-in random password generator is a great way to improve your security. The most important thing when choosing an app is to be sure it is reliable and reputable. It should use an algorithm that provides an acceptable level of security. You should choose a long password using all available characters. This will ensure you stay safe online and can have peace of mind knowing that your passwords are unbreakable.
This article was written by: Team Securifer
We are the proud publishers and founders of Securifer.com. We consist of expert cybersecurity researchers and other privacy realists.