How to generate a random password

Most places where you can register or create online accounts have some password-strength requirements, but they often aren’t enough to fully protect your accounts.

If you’re a casual internet user, you probably haven’t thought much about the importance of passwords and that’s okay. Many people do get by with just a simple, one-word password – but that doesn’t mean that they aren’t at risk.

Learning how to create a strong password is essential for safeguarding your data. In this blog, we’ll dive into the importance of ‌random passwords and how password managers can help you create and store them.

Why are passwords important?

There’s no need to talk about passwords using advanced definitions. They have one simple goal: preventing anyone other than you from accessing your online information.

If an unauthorized user or criminal gains access to your data, they can use it however they please. So, think about an unauthorized user logged into your online bank account. That’d make you a bit nervous, right? You’re not alone.

A 2023 study by GoodFirms reveals that 30% of users have experienced ‌a security breach due to weak passwords. Luckily, a unique and truly random password can protect you against these dreaded scenarios (more on that in a bit).

First, let’s break down why ‌we often lean towards simple passwords. Once we finally agree to use a particular website, we want to create an account quickly and easily.

In our haste, we often overlook the importance of password strength. This can lead to creating less complex passwords or avoiding using measures like two-factor authentication (2FA) or multi-factor authentication (MFA).

Unfortunately, you don’t have to be a successful entrepreneur to become the target of a hacker. They can stumble upon you accidentally through common website targets and crack your weak password.

There are multiple methods that hackers use to crack passwords. For this blog, we’re only focusing on‌ attacks that depend on the password’s strength, so we’ll ignore methods like phishing, social engineering, and using malware.

Instead, we’ll go over common web application attacks like brute-force and dictionary attacks (types of guessing methods) mentioned in Verizon’s 2023 Data Breach Investigations Report.

How easily can passwords be hacked?

Brute-force attacks

Let’s start with a brute-force attack. This cyberattack relies on trying all possible password combinations until they can access your account.

How? There are hundreds of thousands of combinations! However, if a password only consists of a few letters, it can be broken in less than an hour.

Dictionary attacks

A dictionary attack often fits well with the brute-force method. As the name suggests, it relies on using common words and phrases instead of random combinations. That’s why using a single word is never a good option for a password.

Spidering

Paired with a dictionary attack, hackers also use a method called spidering. Once they have the names of your children, partners, or pets, they can use this information for an improved brute-force attack.

Passwords that contain sensitive information like birthdays, professions, or hobbies are also at risk. This information is even more problematic if, for any reason, the person who wants to crack your password knows you. Again, instead of randomly trying out passwords, the spidering method makes the brute-force attack much more likely to succeed.

Guessing

Last but not least, there’s guessing passwords. It might seem slow and ineffective, but it can still do some serious damage. You’d be surprised how often people use passwords such as p a s s w o r d or “ 1 2 3 4 5 6 7 8 ” . These are among the first passwords hackers will guess.

Every account should have a unique password

Let’s say you’ve learned the common vulnerabilities of a weak password and switched to a more complex one. You’ve used 1Password’s password generator to create it and tested it with multiple platforms.

That’s a great improvement! But if you’re too proud of your password and decide to use it for all your logins, you’re back to square one. Even though your password is strong, if someone gets their hands on it, they might be able to access your other accounts.

If just one of the platforms you have an online account with is part of a data breach, you’re in danger of losing all your accounts. And this doesn’t just affect your personal accounts, but your work accounts, too.

In fact, companies are often to blame for leaked passwords rather than individuals. Cybercriminals often target large corporations, and millions of accounts with sensitive information get leaked or fall into the wrong hands.

There are interterritorial laws and regulations that can encourage companies to implement better cybersecurity measures. With 1Password you’re more protected online thanks to tough-to-crack password generation and added levels of security to keep your personal information private.

You might be wondering, “How can I remember dozens of passwords?” That’s where password managers like 1Password come in. And guess what? These tools only require ‌you to remember one password: the account password.

How to generate a random password

To make a strong, random password, first you’ll need to learn about complex algorithms – just kidding!

What’s great about passwords is that you don’t have to be a cybersecurity expert to generate an exceptional one. Anyone can do it by using a password manager.

But password managers have a lot more features than just password generation. 1Password comes with a feature-rich random password generator that lets you customize the password generation process and then helps you securely store and access those passwords.

Within seconds, you can use it to generate a password anywhere from eight to 100 characters in length and include uppercase and lowercase letters, special characters, and numbers.

A random password with eight characters, including symbols and numbers, is already very secure. But you can make it even stronger with every new character you add. Password length is a significant factor in its strength (as long as it’s random).

You can also generate memorable passwords, often known as a passphrases, using 1Password. The words used for memorable password generation rarely occur together in real life, minimizing the chances of dictionary attacks, while still being easy to remember.

Memorable passwords are great for instances when you can’t use a password manager to automatically log in to a service, so you want an easier way to type and remember the password. Think of video game consoles or streaming apps on your TV.

When it comes to 1Password’s security, your vault is end-to-end encrypted using AES 256-bit encryption and guarded by other security measures. This means that what you save in 1Password is protected on our servers, in transit, and on your device.

It’s inconvenient to properly manage passwords stored in a notebook or on sticky notes. Passwords stored this way are also often reused, vulnerable to hacking, and susceptible to social engineering.

With so many accounts to keep track of, wanting to reuse the same password is understandable. But even if you vary it slightly by adding a different number at the end or throwing in an exclamation point, this still leaves you vulnerable to hackers.

For personal use, you don’t have to be tech-savvy to make the most out of password managers. 1Password can do the heavy lifting, even offering you perfect password suggestions, known as smart passwords, that automatically meet a website’s specific password requirements.

For detailed steps on creating strong and unique passwords, check out our password generator support article.

4 tips for generating a strong password

Phew, that’s a lot of information! To keep things simple, here’s a list of the five things you should keep top of mind when you’re creating a new password:

1. Combine letters, symbols, and numbers

In other words, you should make your password random. With every new random character, your password becomes stronger and tougher to crack.

1Password generates a mix of lowercase and uppercase letters and numbers by default, but you can also include symbols for additional security.

A random password with 12 characters is quite strong, but a randomly generated password with 16 characters is 8 million times harder to crack.

2. Avoid using common words or sentences

Let’s use the example P @ s s w 0 r 1 2 d . It may seem more secure because it has numbers and special characters, but it can take hackers only a couple of hours to crack this one because the foundation of the password is still a common, often-used word.

If you want something you can remember, you can use 1Password’s memorable password option, combining three or more truly random words.

r a n d o m - e s c a p e e - m o u n t - o p t i m a l

The password “random-escapee-mount-optimal” is incomparably stronger than “I-love-eating-food.”

3. Don’t use personal information

Many of us share information online about our lives without realizing how easy it is to access. Our birthplace, favorite bands, names of people in our lives, and important dates are easy to find on social media., A hacker can use this information to make better guesses at potential passwords you’ve created.

4. Use a password manager

A password manager is your new best friend if you want to make the password-generation experience as easy as possible.

The differences between strong and weak passwords

Here are a couple of passwords generated by 1Password that are considered strong:

• B c X Y U N X D n o e 8 2 G n X
• 5 d 8 y M 5 G 1 s K A 2 r 3 2 q
• _ 9 c f u 2 X 9 V e g g . C f 8
• q i L P c J x X c X E x f J Y m

Strong passwords are usually longer, but their length isn’t the only factor that makes them secure.

Here are three examples:

• D e s e r t - i s l a n d (weak password)
• r 8 E e B A h k (strong password)
• A s d f g h a s f (weak password)

The first password is almost twice as long as the second one, yet it can be cracked much quicker because it uses common or predictable words.

The third password includes random letters, yet it doesn’t offer a combination of different characters and cases, making it quite weak.

Check if a password has been leaked

If you’re using a random password, then it’s highly unlikely that someone has come up with the same one in the past. However, another important precaution is to check whether the password you’ve decided to use has been leaked somewhere in the past.

Let’s say you use this password: “ 1 j 8 s m @ - s ( M ” . It’s a strong 10-character password that can theoretically take thousands of years to crack.

On the other hand, if this password happens to be on the list of cracked passwords, it can take less than an hour. Check these lists and avoid those passwords like the plague.

You can also check if your password is vulnerable with the help of online tools like Watchtower by 1Password.

The breach report also checks for hacks involving your email or username. In that case,‌ changing your compromised credentials is crucial.

Level up your online security with truly random passwords

Using strong, unique, and truly random passwords is one of the simplest ways to make a major upgrade to your digital life. Hopefully, this blog has made you feel like you need to start updating your passwords right away – and we’re happy to help! Take advantage of 1Password’s free password generator, or get started with a free 14-day trial of 1Password.

1Password