How To Easily Generate Unique Complex Secure Passwords On Android

How to easily generate unique complex secure passwords

A Quick Intro

You Think Your Credentials Are Safe With Popular Web Services?

Passwords Are A Window To Your Soul

The Problem With Choosing A Strong Password

Why Are We Talking Only About Android Here?

The First Step – Unique Passwords

The Next Step – Unique Computer Generated Passwords

Browser Built-in Password Generation

Quickly And Easily Generate Complex Secure Password On Android

Final Thoughts

A Quick Intro

The main problem with password authentication does not lie only in having passwords that are easily guessed but also passwords that are used for more than one online service so when a certain online service security is compromised and their password database has been stolen (passwords are generally salted, hashed and then stored, but there are already rainbow tables for pre-computed hashes), so if you used the same password to sign up for something else more important, then anyone can use your same credentials to login to any other service…

You Think Your Credentials Are Safe With Popular Web Services?

A very handy tool to check if your e-mail address has been included in one of the known hacks is to go to haveibeenpwned and enter your e-mail address to find out if your login credentials have been compromised somewhere… Believe me, you would be surprised with the number of breaches that your credentials have been a part of, for the e-mail address i used i found that i have been a happy part of 11 breaches on many websites including popular services like Dropbox breach in mid 2012 that was only made public in 2016, LinkedIn data breach also in 2012 and only made public in 2016 when data went on sale and Adobe breach in October 2013!

haveibeenpwned showing a password breach for an e-mail

Haveibeenpwned shows if your e-mail address has been included in any of the known breaches

Passwords Are A Window To Your Soul

Think about it like this : passwords are a window to your soul, every person chooses a password taking into consideration that they will never tell anyone their password, in most cases :), so the password you choose thinking no one will be able to see can and will most likely reveal a key piece of information about you! A password like “Il0vemyD0GB3LLA”, although being a long and relatively complex password, is a clear answer to a common security question like “What is your pet’s name?”, in our case the dog name is clearly Bella… I’d rather replace that with a password like “$+T,I\;p7gYM” which does not reveal any kind of information whatsoever about the person who chose the password…

The Problem With Choosing A Strong Password

Now arises a second problem which is that we, humans are lazy and not very creative when it’s forced or recommended to use either a strong password or a unique password for every service and every time we are enforced to change our passwords by a company policy!

Again, please do not think like “The service i am signing up to isn’t important, it’s just a cooking recipe website so i don’t care if the password is stolen, etc…”, as explained earlier, it does not work this way…

Why Are We Talking Only About Android Here?

Gartner mobile operating system market share worldwide

Android OS market share, Source: StatCounter Global Stats – OS Market Share

Of course all these concepts apply to any password on any platform, we’re talking about Android here for two main reasons:

It’s the most popular OS on mobile devices.

-People tend to be lazy when all you are using is a touch screen whereas on desktop machines, there are a lot of options really and anyone who has even a tiny bit of security awareness should and must be using Keepass or another password manager…

-Automatic, unique password generation is still not natively supported neither by most apps nor built-in Android itself.

The First Step – Unique Passwords

We won’t be going over the importance of using two factor authentication or 2FA as relying on passwords only for security is so dangerously insecure, old fashioned and outdated, first let’s agree on an important principle here: Use strong unique passwords for each and every web service you sign up to!

The Next Step – Unique Computer Generated Passwords

The importance of using unique computer generated passwords for every web service you sign up to does not only protect your different online accounts that are using the same password across the web but it also protects other accounts that are even NOT using the same password but have security recovery questions which answers to might be derived from your password!

Keepass password generator tool is an easy way to generate complex passwords within the password manager itself

Normally on my desktop machine i rely on KeePass’ built in password generator to generate secure passwords but KeePass on Android functionality is not really built for this purpose

Browser Built-in Password Generation

Chrome suggests strong unique passwords to be used and saved instantly

Google Chrome on desktop will generously generate a strong password and even offer to save it in Chrome’s password manager

While some browsers like Google Chrome have recently started to adopt the option to “Generate secure passwords” and save them for you when it detects a Sign-up page, for some reason that we have yet to ask Google about, Chrome users on Android are left in the dark and the option to generate secure passwords does not appear by default on Android unless you go into chrome developer settings and activate that feature.

Chrome automatic password generation is not enabled by default on Chrome for Android

You need to dive into Chrome flags on Android in order to enable password generation

Quickly And Easily Generate Complex Secure Password On Android

This is why I need to rely on another application to quickly generate secure passwords on Android and the best part is that it’s very quick and is totally application-independent… Enter android “Password Generator” app that is freely available on the Play Store 🙂

Password generation on Android using Password Generator app

Choose your options and click generate, as easy as it gets!

The interface is very intuitive, choose obvious options like the password length, characters to include in password, hit the generate button and then the copy to clipboard button and voilà! Another unique, complex and secure password for any purpose.

Final Thoughts

To sum up, choosing a strong, complex and unique password for every service is the best and only way to protect from password theft specially for services that do not support two factor authentication… There is really no excuse for using easily guessed passwords when a strong password is one or two clicks away.

mo

Information Security Engineer with vast experience in a large array of devices and technologies.

You may also like...