There are many websites online today that promise to create randomly generated passwords for you. These password generators, also known as linear congruential generators, use algorithms to create a random string of letters, numbers and special characters. While convenient, the sites that offer passwords and or offer to store and manage your passwords are vulnerable. 

How Password Generators Work

There are dozens of password generator websites, tools, and apps that you can use to help generate “strong” passwords. These passwords are generally created to meet specific security requirements, such as using a combination of letters, numbers, and special characters.

These passwords are also considered strong because they are random. That is, they are generated using an algorithm versus you combining the name of your pet and their birthday.

Most password generators available today use linear congruential generation algorithms. These algorithms create passwords from a set of characters with set parameters for length, often 10 to 16 characters. These characters are randomized so as not to create the same combination repeatedly.

This seems pretty safe, right? However, because many password generator tools are online, they are also vulnerable.

Password Manager Vulnerabilities

Many of the sites that offer password generators also offer to store your passwords for you. To access your passwords, you create a master password (that doesn’t get stored on the site with the rest of your passwords). Your passwords are stored in encrypted databases and are otherwise protected by top-of-the-line security protocols.

Some of these password managers offer convenient browser plugins, so as you’re browsing the web they can auto-fill your password to access online accounts for you. This makes it easier for people to use strong passwords, which would otherwise be impossible to remember. And to avoid reusing passwords — a hacker’s dream. 

However, because a single entity stores all of your passwords, that entity can be vulnerable to attacks. After all, why would a hacker go after you when they can attack a site that stores millions of passwords for hundreds of thousands of people?

generated-passwordsMFA and Next-Gen Security to the Rescue

Using a password manager with authentication is definitely one way to insure your passwords are safer. That being said, a user may have there own password manager and not use the company provided solution. In that case, Next Gen Endpoint Solutions may help keep your environment from being compromised. Because next-generation security uses artificial intelligence, deep learning, and machine learning, these tools can stay ahead of the hackers.

One example of how next-gen security can be used to keep passwords safe is Intercept X from Sophos. Intercept X is the latest iteration of endpoint protection from Sophos. It combines traditional endpoint protection with advanced artificial intelligence and deep learning to protect against malware, ransomware, and other exploits. Its advanced adversary technology protects against password theft from the memory, registry and off the hard disk of a machine. 

Traditional anti-virus software relies on a database of known threats to identify an attack. It will then stop the attack from progressing and notify you of the threat. Next-generation security no longer needs to know of existing threats to protect you. Instead, it uses AI to learn and identify threats continuously.

To learn how next-gen security can help protect your passwords and keep you safe online, check out our ebook, The Realities vs. The Hype of Next-Gen Security.