Password Generator password length

24

Comments

  • krokyk
    krokyk
    Community Member
    edited February 2020

    that is fine, I understand, but pls provide an option to change the suggested password to a criteria specified by me (i.e. I want to specify length and what chars are to be used) - just like you let us define "recipe" in the Password generator. I mean add the option to the tooltip suggestion, not in the extension or desktop app

    If I understand correctly the predefined and unchangeable "recipe" is 20 chars in length, then how come my suggested password is 12-char long? I can see the 20-char length in the Password generator (i.e. when I click + -> Password -> click on the "key" icon)

  • ag_ana
    ag_ana
    1Password Alumni

    @krokyk:

    If I understand correctly the predefined and unchangeable "recipe" is 20 chars in length, then how come my suggested password is 12-char long?

    Where do you see this? Can you give us the exact steps to reproduce this so we can test it?

  • EeK
    EeK
    Community Member

    I'm having the same issue as @krokyk. Found this thread after searching for answers and created an account only so I could post about it. Using the extension for Firefox (72.0.2), on Windows 1909.

    Default password length when using the password generator had always been 20 characters. However, today, when trying to create two different logins on two different websites (including this very own), the password generator generated passwords that were only 13 characters in length.

    Because there's no way to edit the length of passwords on the fly through the drop-down menu (something that should definitely be addressed, as many other users have already suggested), I had to manually create logins and then define the length of the passwords myself, copying and pasting them.

    I also noticed that there's no more way to manually define the number of digits and symbols. Has that changed?

  • krokyk
    krokyk
    Community Member

    @ag_ana Hi, so I fired up some random registration form:

    and as you can see, the generated password is 14 chars long... Which setting and where is this driven by?

    This is the password generator when manually clicking the + sign in the firefox extension:

    You can see length is 20....

    So I'm really confused where (and if) this can be configured by me.

    Adding option to configure how the password is generated directly in the dropdown (when you click that 1pass icon in the password field) would be really helpful. I'm not asking for this to be persisted and stored as a default for a subsequent password suggestions, it's an on-demand one-time thing that I want to tweak my password for this one particular password field on this one particular site at this particular time

  • llbehar
    llbehar
    Community Member

    I've had the same problem as people above. I need to be able to set the password length. Sometimes a site will require a certain length and forbids certain characters, so we need to set the characters too.

  • Sinfully
    Sinfully
    Community Member

    I'm also having the same issue as @krokyk @EeK and @llbehar

    Please help ! :) Everything was fine last week... Did something change regarding the default length of the suggested passwords? 20 chars with symbols was the sweet spot. Now it's only suggesting a weak 13 char long password...

  • ag_yaron
    ag_yaron
    1Password Alumni

    Hey guys,
    We have changed the suggested strong passwords recipe recently so it would fit more websites by default, to prevent situations where users select the suggested password and ending up being rejected by the website they're signing up for. You can see this change was made in the latest version's log: https://app-updates.agilebits.com/product_history/B5X

    The reduction of length in the passwords generated does not mean these passwords are not strong. They are very strong and remain on the range of what we consider super safe and secure. While 14 characters sounds weak to you, the entropy and complexity of the generated passwords is calculated and generated by our algorithms and will withstand any complexity test you put it through :)

    If you still feel unsafe using our suggested passwords, you can always use the full-fledged passwords generator in 1Password X, where you have full control over the recipe:
    1. Click the 1Password X extension icon to open 1Password in your browser.
    2. Click the big "PLUS" icon to reveal the menu.
    3. Select the Password Generator (the first option).
    4. Generate passwords according to your needs. It will also remember your settings the next time you open it.

    Thank you all for the feedback - we will see if/how we can insert the password generator in that little popup in the future.

  • Sinfully
    Sinfully
    Community Member

    @Yaron Thanks a lot for your answer, it's all I wanted to know :)

    Thank you all for the feedback - we will see if/how we can insert the password generator in that little popup in the future.

    That would be GREAT.

    Kind regards

  • ag_ana
    ag_ana
    1Password Alumni

    On behalf of Yaron, you are welcome :) If you have any other questions, please feel free to reach out anytime.

    Have a wonderful day :)

  • Zoup
    Zoup
    Community Member

    I just want to drop by and say I love the new generated password in 1Password X. The old 20 characters long one was annoying as I've run into a lot of websites that don't go that high. Also, the new generated one is easier to read or type if I need to. I'm loving this shorter and easier to read suggested password!

  • @Zoup

    Thank you for the kind words. The entire team loves to hear comments such as yours. They brighten the day! :)

  • zmelnick
    zmelnick
    Community Member

    @Yaron, in your post you mention "14 characters". But in my experience, only a few of the generated passwords are 14 characters. Some of the generated passwords are only 12 characters and doesn't get marked as "excellent" passwords. Just "very good". Why are the new passwords not all "excellent"? Shouldn't that be a minimum standard for all your suggested passwords?

  • ag_ana
    ag_ana
    1Password Alumni

    @zmelnick:

    The new limit to 14 characters was implemented only recently. Before it used to be 20, so if you have several passwords with 12 characters, it means that you specifically chose different settings for your password generator when you created them. What we use by default is just a recommendation, but you can make passwords longer or shorter as you see fit.

  • zmelnick
    zmelnick
    Community Member

    @ag_ana This was a password created by the default suggestion. It was 12 characters in length. I am able to re-create the different length suggestions fairly easily, and they are not always 14 character. For instance, I went to pretend to register for a new account on this forum, and 1Password suggested a password that was 13 and not 14 characters. The 12 character password I posted about above was created using the same "suggestion" method.

    Shouldn't all suggested passwords be a minimum of 14, or at least complex enough for the 1Password software to mark them as "Excellent"?

  • Hey @zmelnick. The new recipe gives passwords that are mostly of length 14 and have about 48 bits of entropy, suitable for almost all use cases. As you've seen, occasionally this is a bit less, but rest assured these are still plenty secure. We have some work to do to make sure the password strength is shown (and calculated) uniformly across all devices. In other words, although counterintuitive, I wouldn't stress here over the fact that your generated password is shown as "only" Very Good — rather, we need to make additional changes to display and calculate things differently to better reflect the actual strength. The actual generation and strength are sound. :smile:

  • wibblemonkey
    wibblemonkey
    Community Member

    Why can't this simply follow the options set in 1PasswordX? If I set the options for generated passwords to 20 characters and no symbols my expectation is that the passwords suggested to me will follow the options that I set. The fact that the suggested password follows its own "recipe" is counter-intuitive at best and confusing at worst.

  • ag_yaron
    ag_yaron
    1Password Alumni

    Hey @wibblemonkey ,
    The suggested passwords recipe cannot be changed since we fear users who are not as savvy as you might change the recipe to something very simple and unsecure due to some outdated website they need right now, but then forget that they changed it so, and use very weak passwords from now on until the day they finally notice their weak passwords. This is a very important security issue that we're preventing by keeping the suggested passwords recipe intact.

  • ragtim
    ragtim
    Community Member

    This is super frustrating for me as well. Trying to beta this against lastpass which I have used for a decade and this should be simple. I keep reading the same "cannot be changed since we fear users who are not as savvy as you" replies. I would much rather have had a simple slider that let me adjust the Suggested password (or generated password) length to be longer or shorter even if it defaulted back to 20 characters the next time rather than having the length shortened to 14. I actually came here to investigate a solution because 14 characters is too short. I am new to 1Password, but as password generation is the first major part to what a password manager does, the suggested feature is just more cumbersome to me. I have to go to another extension, app, or location to generate my passwords. Not friendly at all. I am also confused at to why there is a suggestions and a"generated password" in password x drop down. The "suggested password" is 14 characters. If then go down to "generated password" all it does is generate a new 14 character password. I understand that simplicity is what you are going for, but at the point that the "suggested password" doesn't meet the needs and someone has to choose something else in the drop down, why not just let them choose the length?

  • ag_yaron
    ag_yaron
    1Password Alumni

    Hey @ragtim ,
    Thank you kindly for the much appreciated feedback.

    The suggested passwords were really long and complicated up until a couple of months ago (around 20 characters or more), and users complained it was completely useless, as the vast majority of websites declined these passwords due to not following the website's requirements. So the suggested passwords were not only unhelpful, but actually confusing and frustrating to a lot of users.

    We then adjusted the recipe and now create very strong passwords that are shorter and comply with almost every website's requirements, making it super easy and fast to sign up without having to go to the passwords generator and manually creating one.

    We're looking on ways to improve this further and see if we can cram the generator inside that inline menu of 1Password X, but until then, if you're unhappy with the suggested passwords, don't use them. Instead, go to the generator that is in the 1Password X extension. The inline menu is there to make things easier and faster, but the 1Password X extension on the top right corner of your browser is where ALL the features are :)

    Thanks again for the feedback, keep your apps up to date and stay tuned.

  • benlei
    benlei
    Community Member

    @Yaron Yes please add in the ability to swap the "Suggested Password" option with the "Password Generator" options. I've been very frustrated with these pathetic suggested passwords. Maybe you can add an "I am an Advanced User" option that reveals such an option so that the "less savvy" users won't make poor decisions.

  • jmjm
    jmjm
    Community Member

    Yes please add in the ability to swap the "Suggested Password" option with the "Password Generator" options.

    That would be helpful for me also. (It is rare for me to use the "Suggested Password").

  • ag_yaron
    ag_yaron
    1Password Alumni

    @benlei @jmjm Guys, the suggested passwords are a relatively new feature and it does not replace the full fledged password generator. The password generator is still where it always was - in the 1Password X popup under the big PLUS button.

    If you don't like the suggested passwords, don't use them. Ignore them completely and go to the password generator, like users did before we added the suggested passwords feature.

    In any case, thank you for sharing your feelings and thoughts about this. Your feedback has been added to the dev's log and I do hope we see something new in that feature soon. :chuffed:

  • Joshua2504
    Joshua2504
    Community Member
    edited April 2020

    So, I can't believe that this is true. Like jmjm said, just add the ability to swap the "Suggested Password" option with the "Password Generator" options. We, as advanced users, need this.

    If LastPass can do similiar things, you should be able to too... srsly.

  • ag_ana
    ag_ana
    1Password Alumni

    Thank you for your feedback as well @Joshua2504! :)

  • break80
    break80
    Community Member

    @Yaron,

    I searched and found this discussion because, after trying several times to generate a password greater than 14 characters, I too failed to do what seems obvious to me.

    So, following your guidelines I tried to use the password generator as you suggested. I am able to generate greater than 14 characters, but I am unable to copy it to the copy/paste buffer. I can see the generated password, but the copy button never activates upon generating the password. So I tried using Ctrl-C to copy and then Ctrl-V to paste into the website page, but nothing gets pasted.

    What am I doing wrong?

    (FYI, I am using 1Password X, Version 1.18.1 in the new MS Edge browser).

    break80

  • break80
    break80
    Community Member

    @yaron,

    I even tried this using the 1Password App to generate the password, but still could not paste it.

    Could it be that the site, in this case Costco.com, does not allow pasting of new passwords in their password editing space?

    break80

  • ag_yaron
    ag_yaron
    1Password Alumni

    Hey @break80 ,
    There's currently an issue with 1Password X 1.18.1 that may prevent copy-pasting of fields incertain setups, and we've already fixed it internally so it should arrive to you soon.
    Does the button to autofill the new password not work as well?

    You should definitely be able to copy passwords from the desktop app though, sounds like something is going on with your clipboard there. Have you tried restarting by any chance? Restarting in Safe Mode might also help diagnose the problem.

    Also, you and everyone else here will be happy to know that we changed the suggested passwords recipe so it would generate longer passwords (around 16 characters), so hopefully people will find it adequate.

  • break80
    break80
    Community Member

    @yaron,

    Glad to know I was not doing something wrong. Looking forward to the update (I use beta so I assume I will get it whenever released).

    My computer has been rebooted for this test. When I use 1P App to generate the password and copy it, it is definitely in the past buffer. I know this because I can paste it in a text editor. But it will not paste in the new password field of Costco. Here is what I see:

    break80

  • ag_ana
    ag_ana
    1Password Alumni

    @break80:

    When I use 1P App to generate the password and copy it, it is definitely in the past buffer.

    Can you confirm that you are using the 1Password for Windows app to do this? From what you wrote, I think you used 1Password X (the browser extension) to generate this password instead.

  • break80
    break80
    Community Member

    @ag_ana,

    I am not certain what you mean by "do this" because I told you several things. Allow me to clarify.

    I am using both the new Microsoft Edge with 1Password X, and the Windows 10 1Password App. To be clear, the screen shot is from the new Microsoft Edge. As you can see it is suggesting a 14 character password from 1Password X. When I use 1Password X to generate a new password and copy it, it will not paste. When I use 1Password App to generate the new password and copy it, it too will not paste. In fact I cannot paste anything in that cell. 1Password X is blocking anything but the 14 character password, which does paste automatically when the suggestion is selected.

    Hope this is clear.

    break80

This discussion has been closed.