Feature Request: More Robust or Customizable Password Generator

bmkaiser
bmkaiser
Community Member

I love that you have word-based password generator. I believe that random words are a lot easier to work with in the few exception of cases where I have to manually type a password in. However, I find that every time I'm making the same changes to auto-generated password to fit my own requirements for passwords. I always make the same capitalization changes as most services require at least one capital letter and throw in a randomly generated number (courtesy of https://random.org) for even more randomness and because most services also require a number.

Could there be a way to create a password recipe that automatically makes the changes for me? Possible recipe examples:

  • Every nth letter of a word is capitalized
  • Every nth word is UPPERCASE
  • Insert a random number between zero and N at X location

At a bare minimum could you make it easier to tell where my cursor is when changing the password? Because the editing is done on the masked password field (even when the password is revealed below), there's a fair bit of guesswork if I want to make an edit in the middle of a password. Sometimes I get it exactly right and I feel like I won the lottery, other times I'm one or two characters off in either direction.

I don't think this is really an iOS specific question, but I do find it to be the most cumbersome on iOS.


1Password Version: 7.2.7
Extension Version: 1.14.1
OS Version: iOS 12.1.4
Sync Type: 1Password

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @bmkaiser: Requirements for passwords are not only a pain in the butt, they result in weaker passwords. So that's not something we really want to encourage -- especially if you're making up these "requirements" yourself. ;) For example, "every nth letter" is not random at all, etc. And you can, after all, enable digits to satisfy the "must include a number" requirement (though we'll be improving both entropy and usability by getting rid of that awful slider). We've been working on our new password generator for a while now to get better passwords and usability, and that's very much a cross-platform concern and not limited to iOS.

    But you're 100% right that the cursor sucks when editing password fields on iOS. We don't have a good solution to that since we are doing the secure thing of using Secure Input for password fields, but those aren't really designed for user interaction, apart from linear typing. But it's something we'll keep exploring to see if we can find a better way without sacrificing the security benefits. Probably something we haven't yet thought of there, or that Apple hasn't yet shared with the world.

    Suffice to say, we feel your pain, on all counts, and are motivated to improve it where possible. Thanks for your feedback! :)

  • hoser
    hoser
    Community Member

    I've become a big fan of 1Password's word-based password generator for making strong-yet-still-typable (and borderline memorable) passwords, but like @bmkaiser I find that the current generator frequently falls short because of existing password requirements.

    I agree that such requirements can result in weaker passwords, but that doesn't change the reality that the vast majority of systems already impose such requirements. Since 1Password's word-based generator doesn't accommodate those external requirements, this actually reduces 1Password's usability

    However, I also agree that adding too many or too-complicated options to the generator also hurts usability. But I think something should to be added to increase the usability of word-based passwords. Could one or two straightforward options be added to satisfy external password requirements, while still protecting 1Password's usability and not overtly encouraging weaker password generation? Consider something like the following:

    • An "Add Capitalization" option, allowing the choice of one of four modes:

      • None (default)
      • Capitalize some Of The words
      • Capitalize All The Words
      • UPPERCASE some of THE words
      • Alternatively, this could be just an on-off switch that randomly implements one of the capitalization options
    • An "Add Symbols/Digits" option, allowing the choice of the number of symbols/digits

      • Randomly sprinkles symbols/digits at the beginning and/or end of words (not in the middle of words, so as to help preserve typability/memorability).
      • Alternatively, if another slider is simply too "awful" ;) this could instead be an on-off switch that inserts a random number of symbols for the user

    @brenty, you mentioned "you can, after all, enable digits", however I don't see that in iOS in the word-based generator... am I missing something?

  • @brenty, you mentioned "you can, after all, enable digits", however I don't see that in iOS in the word-based generator... am I missing something?

    I think brenty may have been referring to the character recipe. You are correct that there isn't currently a way to automatically include anything other than words when using the words recipe on iOS.

    We definitely would like to do better here, but thus far we haven't found a way to present a UI that gives this flexibility without adding more complexity than we're comfortable with. We'll continue to evaluate how we can improve. :)

    Ben

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited March 2019

    Indeed. Sorry for misunderstanding. If I'd realized they were referring exclusively to the "words" part of the password generator, I would have framed things a bit differently. To be clear, word-based passwords are always going to be weaker than a character-based password of the same length, so it's best to use character-based most of the time, and use word-based only when you actually need to memorize/type a password -- like your Master Password, Apple ID, etc. since those are something you need to be able to enter without opening your 1Password vault first. But we'll keep your feedback and everyone else's as we continue to develop future versions. Thank you! :)

  • bmkaiser
    bmkaiser
    Community Member

    Thank you, @brenty and @Ben. I agree that weakening passwords for the sake of requirements is probably not something you'd want to encourage. I am however excited that you are working on a more robust password generator and I hope to see that soon. Thank you so much for your time and responses on this item.

  • AGAlumB
    AGAlumB
    1Password Alumni

    Likewise, thanks for your feedback, and for pushing us to make 1Password even better! :chuffed:

  • hoser
    hoser
    Community Member

    Thanks for the responses, and for considering the ideas. I’m looking forward to seeing the solutions you come up with to help keep moving this great tool forward!

  • Lars
    Lars
    1Password Alumni

    :) :+1:

This discussion has been closed.