Countless password generators exist in the market, and they all promise to deliver unique, secure and random passwords. However, according to an Andrea Rock study, consumers should be cautious and examine a password generator more closely before using it.
That is because some password generators are less secure than others. To fully understand this, it is vital first to understand what a password generator is and the different types of password generators.
Password generators are online tools, hardware devices, or software that can automatically generate a password. They utilize two main types of random number generators.
- Pseudo-random number generators (PRNG)
- Cryptographically secure pseudo-random number generators (CSPRNG)
Pseudo-random number generators (PRNGs)
PRNGs are algorithms that generate a random sequence of numbers based on a given input known as the PRNG seed.
As a result, the sequence a PRNG generates is not a hundred percent random because it depends on that initial value or input.
Cryptographically secure pseudo-random generators (CSPRNGs)
CSPRNGs are first of all PRNGs in that they also generate a random sequence of numbers. However, CSPRNGs have qualities or properties that ensure the sequence is truly random.
With that in mind, let’s now compare the two and determine what you should look for when selecting a password generator.
Some PRNGs suffer from “weak” security because the seed value or initial input is a 32-bit integer. That means the generator can produce a maximum of 4 billion results or combinations.
Sure, 4 billion seems like a lot, but all those results can fit on a flash drive. That means a good hacker can easily recover the seed number based on a few generated results, then use it to predict the rest.
CSPRNGs, on the other hand, do not suffer from such a weakness because of the extra properties that guarantee randomness.
Therefore, it is crucial that when picking a generator, you first determine which random number generator or algorithm it is using. If you can, always go for a CSPRNG.
However, if you opt for a PRNG, then ensure the password generator employs additional security functions that protect against input-based attacks, cryptanalytic attacks, and state compromise extension attacks.
Good examples of additional security features include hash functions and block ciphers.
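The weakness described above, as an added example (not code from this article or from any particular password generator): a generator seeded from a small integer next to one that draws from the operating system's CSPRNG through Python's `secrets` module. The function names, the sample seed and the 16-bit seed space (reduced from 32 bits so the search finishes in seconds) are assumptions made for the illustration.

```python
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits
SEED_BITS = 16  # assumption: reduced from the article's 32 bits to keep the demo fast


def weak_passwords(seed, count=3, length=12):
    """Weak form: a small integer seed fixes every password that follows."""
    rng = random.Random(seed)  # Mersenne Twister, a non-cryptographic PRNG
    return ["".join(rng.choice(ALPHABET) for _ in range(length))
            for _ in range(count)]


def strong_password(length=12):
    """Hardened form: each character is drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def recover_seed(observed, seed_bits=SEED_BITS):
    """Audit check: search the whole seed space for one observed password."""
    for seed in range(2 ** seed_bits):
        if weak_passwords(seed, 1, len(observed))[0] == observed:
            return seed
    return None


if __name__ == "__main__":
    issued = weak_passwords(40321)       # constructed sample seed
    seed = recover_seed(issued[0])       # only the first password is observed
    print("seed recovered from one password:", seed)
    print("later passwords reproduced:", weak_passwords(seed) == issued)
    print("CSPRNG password traced to a seed:", recover_seed(strong_password()))
```

At the full 32 bits the same search covers about 4 billion seeds, the figure quoted above.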
You now know the safety precautions to take when picking a password generator; the next step is getting started.
Getting started with a password generator
There is nothing much to this. Once you have identified a good password generator, follow the instructions. If it is software, then you might have to download it. If it is an online tool, then no download is needed.
The only thing you need to check is whether the generator comes with a password manager. This is key because a password manager will store all the passwords the generator generates in a secure vault. To access the vault, you will need to key in the master password, which you must memorize.
When using a password manager, any time you need to log into an account, you first visit the site normally. When the website prompts you for login details, you key your master password into the password manager, and the manager automatically fills the appropriate information into the website.
Consequently, you don’t have to keep trying to remember which password corresponds to which account. All you need to remember is your master password.