Generated or stored password?

When you are creating a new password, PfP will offer you a choice between a generated and a stored password. With the former, it will choose a strong unique password automatically. The latter allows you to enter a password that you choose yourself.

Choice between generated and stored passwords offered by PfP

The recommendation is to use generated passwords whenever possible. Why is that and when should you use a stored password?

Why generate passwords?

The most obvious advantage of generated passwords is being able to recover them easily. Generated passwords can be recovered even if you have no backup whatsoever. They are also easiest to recover from paper backups. While paper backups also contain a recovery code for stored passwords, entering a lengthy code into PfP isn’t easy.

Generated passwords are also guaranteed to be strong and impossible to guess if somebody is trying to gain access to your account. Finally, with generated passwords you never need to see your password, meaning that somebody watching over your shoulder won’t see it either.

And the disadvantages?

In theory, if somebody gets hold of one generated password, they can try to guess your master password, which would allow them to generate more passwords for your accounts. This makes choosing a strong master password a critical security requirement. However, a weak master password would compromise the encryption of stored passwords as well, so you should always make sure that yours cannot be guessed easily.
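Both properties described above, recovery without a backup and exposure of the master password to guessing, follow from a generated password being computed from the master password. The sketch below is an added example, not PfP's own code: the PBKDF2 derivation, its parameters, the character set and the function names are assumptions made for illustration.

```python
import hashlib

# Assumed parameters for this sketch; PfP's real algorithm and settings may differ.
ALPHABET = ("abcdefghjkmnpqrstuvwxyz" "ABCDEFGHJKMNPQRSTUVWXYZ"
            "23456789" "!#$%&()*+,-./:;<=>?@[]^_{|}~")
ITERATIONS = 50_000


def generate(master, site, name, length=16):
    """Derive the password for (site, name) from the master password alone."""
    salt = f"{site}\0{name}".encode()
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), salt,
                              ITERATIONS, dklen=length)
    # One output byte per character; the small modulo bias is ignored here.
    return "".join(ALPHABET[b % len(ALPHABET)] for b in raw)


def find_master(known_password, site, name, candidates):
    """Return the candidate master password that reproduces known_password."""
    for candidate in candidates:
        if generate(candidate, site, name, len(known_password)) == known_password:
            return candidate
    return None


if __name__ == "__main__":
    # Constructed sample data.
    first = generate("sunshine1", "example.com", "alice")
    again = generate("sunshine1", "example.com", "alice")
    print("recomputed without any backup:", first == again)
    print("other site, other password:",
          first != generate("sunshine1", "example.org", "alice"))

    common = ["123456", "password", "sunshine1", "qwerty"]
    print("weak master recovered:", find_master(first, "example.com", "alice", common))
    strong = generate("plum-Orbit-47-canyon-velvet", "example.com", "alice")
    print("strong master recovered:", find_master(strong, "example.com", "alice", common))
```

Each guess costs one full derivation, so a slow derivation function and a long master password both raise the cost of guessing.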

When should a stored password be used?

Occasionally, you will have to use a password that you cannot choose. For example, a password is generated by the service provider and cannot be changed. Or your entire team is sharing the same credentials for a particular service. Or a service has such weird password complexity requirements that a generated password cannot fulfill them. That’s the main usage scenario for stored passwords, to help you use these passwords without having to remember them.

The less common scenario is PfP changing its approach to generating passwords. That might become necessary because of security considerations, due to the increased capability of computer hardware for guessing master passwords. Since PfP cannot change your password, your older generated passwords might be converted into stored passwords.