Generate strong passwords for sending to clients

Oct 26, 2020 | Security

There are loads of password generators out there that will generate strong passwords for you. This is nothing new, but I came across a very handy tool today called “Hardest PW” which does something else useful.

Aside from generating a strong password, it also generates a one-time link to that password. The link stays active for 7 days or until it is clicked, at which point it reveals the password to the person who clicked it.

In case you do not know why this is useful, let me explain.

One of the biggest security dilemmas of all time when it comes to passwords is how to deliver them securely to the end user without creating a potential security risk / easy access point for criminals.

Sending passwords out via email has always been the norm. The problem arises when the recipient leaves that email in their inbox and uses it as their permanent reference for the password, instead of writing it down somewhere safe or saving it in a password manager and then deleting the email.

Thankfully, this practice has finally started to change and a lot of sites now ask the user to choose a password during the signup process and do not send it out via email, so the user is expected to write it down or remember it. But the majority of sites are still doing things the old/insecure way.

One of the primary targets for cyber criminals and hackers is a user's email account. This is because once they get into your email, they can pretty much access everything. If you have emails in your inbox with passwords in them, you have just handed those passwords to the criminals on a platter.

For everything else, the hacker can perform a password reset request on any website, which will send a password reset link to your email address, which the hacker now has access to. They will then click the link, reset your password, and delete the email and all evidence of their actions. This is why it is critical to also use a password manager along with 2-factor authentication.

So by using this one-time link you can at least avoid the issue of the password sitting around in someone’s inbox for eternity waiting for someone to find it. Just generate a password and send the link to your client, advising them to store it securely in a password manager.
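To make the one-time link behaviour concrete, here is a small sketch of the server side, added as an illustration. It is not Hardest PW's code; `OneTimeLinkStore`, `LINK_TTL_SECONDS`, the alphabet and the in-memory dictionary are all assumptions made for the example.

```python
import secrets
import string
import time

LINK_TTL_SECONDS = 7 * 24 * 60 * 60  # the 7-day link lifetime described above
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"  # assumed set


def generate_password(length=20):
    """Draw characters from the OS CSPRNG until all three classes appear."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)):
            return pw


class OneTimeLinkStore:
    """In-memory stand-in for a one-time link service (hypothetical design)."""

    def __init__(self, clock=time.time):
        self._clock = clock      # injectable so expiry can be tested
        self._entries = {}       # token -> (password, expiry timestamp)

    def create(self, password):
        token = secrets.token_urlsafe(32)  # 256 random bits: not guessable
        self._entries[token] = (password, self._clock() + LINK_TTL_SECONDS)
        return token             # this goes into the URL sent to the client

    def reveal(self, token):
        # pop() removes the entry on the first read, so a second click,
        # or someone finding the old email later, gets nothing.
        entry = self._entries.pop(token, None)
        if entry is None:
            return None
        password, expires_at = entry
        return password if self._clock() < expires_at else None

    def purge_expired(self):
        # Drop links nobody clicked so passwords do not linger server-side.
        now = self._clock()
        for token in [t for t, (_, exp) in self._entries.items() if exp <= now]:
            del self._entries[token]
```

If the client reports that the link was already dead inside the 7 days, someone else opened it first, so treat that password as exposed and issue a new one.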

