Why no number and symbol is better?
Hi,
I noticed the password generator gives lower strength to passwords with number(s) and/or special character(s).
Is it possible to have an explanation of the maths being this?
Thanks
1Password Version: 7.2.4
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Can you post a few samples. (Do not post real passwords, of course.) Also can you let me know which version of 1Password you are using?
0 -
@joan38: Are you maybe adding those characters (or whole passwords) yourself? 1Password intentionally rates user-provided passwords as weaker since we don't know where thy came from, whereas 1Password knows exactly how much entropy a password it has generated itself has, since it knows the character set and algorithm used, etc.
0 -
They are all 1Password generated. You can try also on yours, by just dragging the slider of symbols or digits it will bring down the strength of your generated password.
0 -
@joan38: Ah, thank you for the clarification. I'm not sure how well I can explain this, but the reason is that you've set them to "1": only one character in the whole password can be a digit/symbol in that case, rather than any character in the password potentially being one of any of the symbols/digits.
As a point of comparison, our new password generator which we're rolling out in all of our apps one by one has only a checkbox for digits or symbols. So, with "symbols" enabled, literally any of the characters in a 13 character password could be a symbol, instead of just one of them. You can get a better idea of what I mean by trying it here:
https://1password.com/password-generator/
Does that help? :)
0 -
Ok I see. So one char will have only 10 possiblies instead of 2*27.
Looking forward for the new generator which will do 2*27+10 possibilities on all the chars.
0 -
Hi @joan38,
I've never been a fan of exactly x digits/symbols approach myself, I understand sometimes needing to ensure a digit is present because a site insists on it but I like my passwords as uniformly random as possible, selected from the entire available character set.
0
