Passwords serve as the key to our online accounts both at work and at home. If we use secure passwords and keep them safe from prying eyes, our accounts will be protected from unauthorized access. While it is possible to create your own passwords that are complex enough to hinder both password-cracking computer programs and guessing human beings (see the article Passwords and Bots for more information), it can be a hassle. Additionally, with so many accounts, and with best practices recommending that each account have its own complex password, it can be extremely difficult to keep track of everything.
Fortunately, there are ways to not only generate strong, random passwords for every account, but also keep them organized. Programs called password generators can devise the passwords, and password managers can store them in a way that keeps them safe while still being within easy reach for day-to-day use.
Please Note: Many parts of this article are for educational purposes only. The PRM IT Department is unable to provide support for third-party password management software. If you decide to use a password manager for work, please understand that we are unable to help with any issues you may run into while using it.
Random Passwords
A random password is just that: a collection of numbers, letters (both capital and lowercase), and special characters in a completely random order. Unlike an ordinary password or passphrase, a random password isn’t meant to make sense to you or anyone else.
Generating a Random Password
It’s possible to generate a random password by using online tools like the Secure Password Generator. This generator contains a variety of options that let you create an infinite number of random passwords. When using an online tool like this, however, it is important to make sure it’s doing the generation on your computer instead of on a remote web server. With the Secure Password Generator, you can ensure this by making sure that “do NOT send across the internet” is checked. This means that the password is being created on your computer, and no one online will be able to see it. If the password were being generated on a remote server and sent to you over the internet, it would be possible for someone to intercept it.
Most modern password managers will also generate secure passwords as part of their basic functionality. For more information, see the section ‘Password Managers’ below.
The Benefits of Random Passwords
Unlike a password made up of actual words or phrases, random passwords are impossible for other people to guess. Random passwords are also very good at confounding password guessing bots, with some limitations:
Password | Bot Guess Time |
urZ9hSnV | 1 hour |
Z?9xD`w. | 12 hours |
kCAsRtHSx84u | 2,000 years |
YE5>{{kneS2P | 63,000 years |
zq9Bm4h9teyURFCZ | 37 billion years |
p7Rcm5<6)#-*Jc4e | 41 trillion years |
While all of these passwords would be impossible for another person to guess, a bot will only be truly stumped if the password is long enough. In most cases, the best random passwords are 16 characters long or longer and contain uppercase and lowercase letters, numbers, and symbols.
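The following is an added example, not part of the original article or of any tool it names. It generates a password entirely on your own computer using the operating system's secure random source, and estimates the brute-force search space (in bits) for passwords from the table above. The function names are hypothetical, and the estimate assumes a bot tries every character from the classes the password uses; it does not reproduce the table's guess times, which depend on a guessing speed the article does not state.

```python
import math
import secrets
import string

# Character classes the article recommends mixing (94 characters in total).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}


def generate_password(length=16):
    """Build a random password locally using the OS CSPRNG (secrets module)."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Rejection sampling: redraw until every class appears at least once.
        if len(classes_used(candidate)) == len(CLASSES):
            return candidate


def classes_used(password):
    """Return the names of the character classes present in the password."""
    return [name for name, chars in CLASSES.items()
            if any(c in chars for c in password)]


def search_space_bits(password):
    """Estimate the search space as length * log2(pool size), in bits."""
    # Assumption: the pool is the union of the classes seen in the password.
    pool = sum(len(CLASSES[name]) for name in classes_used(password))
    if pool == 0:
        raise ValueError("password has no characters from the known classes")
    return len(password) * math.log2(pool)


if __name__ == "__main__":
    # Passwords copied from the article's table, shortest to longest.
    for pw in ["urZ9hSnV", "Z?9xD`w.", "kCAsRtHSx84u", "p7Rcm5<6)#-*Jc4e"]:
        print(f"{pw!r:22} {len(pw):2} chars  ~{search_space_bits(pw):5.1f} bits")
    fresh = generate_password(16)
    print(f"{fresh!r:22} {len(fresh):2} chars  ~{search_space_bits(fresh):5.1f} bits")
```

Each extra bit doubles the number of guesses a bot needs, so doubling the length from 8 to 16 characters helps far more than adding symbols to an 8-character password.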
The Drawback of Random Passwords
Random passwords are very difficult to memorize. If you are following the best security practices and using a different password for every account, keeping track of that many random passwords on your own can be very difficult. The best way to deal with them is to store them in a secure place, like a password manager.
Password Managers
A password manager is a program or service that lets you store, generate, and manage your passwords for local applications and online services. Password managers usually store their data in an encrypted database, sometimes called a vault. The vault is protected by a master password. Password managers can be either a program installed only on your computer that stores its database locally or a web-based service that stores its database entirely online.
The Benefits of Password Managers
Password managers are a convenient and secure way to keep track of multiple complex passwords. Many of them have both desktop and mobile versions, allowing you to access your passwords both on your computer and on the go. Additionally, many of the desktop password managers include a web browser extension that will let you automatically fill in saved usernames and passwords on websites without having to open another program. Finally, many of the popular password managers also let you store secure notes to have even more information on hand while keeping it safe.
The Drawbacks of Password Managers
Since your entire vault in a password manager is secured by a single master password, it needs to be both memorable and secure. If you forget your master password, you lose access to all the information for your online accounts, and if the password is easy to guess, all your accounts could be compromised in one fell swoop. You can’t save this password in the vault, either, since you need it to access the vault in the first place.
It's also important to consider that data breaches are a possibility for online password managers. Be sure to do your research into cloud-based password manager services to see if they've ever experienced a data breach. If you find that it's happened before, tread with caution; it could happen again. If your research reveals that the service has been breached multiple times, strike that candidate off your list; it's not worth it.
Some of the cloud-based password managers will also charge a subscription fee to use them. While you may find the cost to be worthwhile, it’s still a factor to consider. If you want to use a solution that runs on your computer instead, it may be less expensive, but it may not be possible to sync your passwords between multiple computers or mobile devices.
From a PRM-specific perspective, as previously stated, the PRM IT Department is unable to provide support for third-party password managers, so if you wanted to use one for work, you would be doing so at your own risk.
Examples of Password Managers
There are a lot of password managers out there; please note that this list is by no means comprehensive.
Name | Where it Stores Your Data | What to Know About It | Where to Find It |
Passwords Contact | Online, in your PRM Microsoft 365 Account | The only Password Manager PRM IT can provide support for | In your Outlook contacts on your work computer. |
Google Passwords | Online | Built into Google Chrome | https://passwords.google.com/ or in the Google Chrome Browser |
Microsoft Edge Password Manager | On Your Computer | Built into Microsoft Edge; see this article | In the latest version of Microsoft Edge |
KeePass | On Your Computer | Well known and 100% free | |
1Password | Online | $2.99 per month for an individual if you bill annually | |
Bitwarden | Online | Free for Personal Use | |
NOTE: A previous version of this article featured LastPass in the above table. In light of their multiple security incidents (there have been so many that LastPass's Wikipedia page has an entire section dedicated to them), we strongly recommend against using LastPass. Everything else listed above is still considered safe.
The Bottom Line
Ultimately, whether to use a password manager or not is up to you. It’s entirely possible to keep your passwords secure without one, but it can be a very useful tool, especially if you have a lot of complex passwords to keep track of. For your work here at PRM, we strongly advise using your Outlook Passwords contact to keep track of your work passwords and any other crucial external account information.