Feature Request: Special characters allow list for password generation
Problem
Many websites allow or require special characters, but only from a defined subset. There is no consistency across websites on what this list is, but usually it is shared to the user.
1password allows generation of passwords with n number of special characters. The collection of special characters used is defined by 1password and can include special characters not allowed by the website.
Solution
Allow the user to define an allow list of special characters to be used in the password generator
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Hi @viet!
Thank you for the feedback! My understanding is that this is something that we don't plan to do: we are trying to generate passwords that are as random as possible, and I was told that selecting specific items for the generated password gives you a lower password entropy.
You can read more about this from our security team here, if you are curious :)
0 -
I understand the reasoning and I agree with you the best password is one of highest entropy.
But if the website’s password validation does not accept the password because it denies certain characters then the random generator is useless. For example, lets say one website only accepts special characters from the following list:
%#^?
. It won’t accept a password with the character$
. If the password generator outputs a password with the disallowed character it won’t be accepted by the website because it fails their validation.The best approach to this situation is to generate the best random password with the allowed characters that pass the website validation. Is it the most secured password? No it is not. But it is the most secured password allowed and validated by the website.
Not allowing this forces the user to manipulate the randomly generated password to remove denied characters, which reduces the effectiveness of the password.
I understand the stance you are taking, but I think it is a very rigid one that is not practical to the (what I believe) actual goal and purpose of the random password generator feature: to generate the most secured password which is validated by the tool/website/et cetera.
0 -
I can say that in the latest 1Password for Mac beta we are exploring using the password rules information provided by Apple to make this automatic, so you still have the randomness while still following the rules of the specific website ;)
Unfortunately some websites still decide to put these rules in place instead of just allowing all characters, but with the new rules database at least things will be easier for us users :)
0 -
I see. That is great to hear. Looking forward to seeing how well it addresses the case.
Just from my personal viewpoint it is quite frustrating to generate a 64 character password string with x number of digits and y number of special characters, and then having to comb through the string to replace the denied special characters with one that is acceptable by the specific website.
0 -
Upvote this request for viet’s! I have this problem all of the time. Thanks!
0 -
Bump. Has this been added, and I'm not seeing it?
This is a legacy limitation of 1Password that needs to be addressed and is quite long overdue. Since first using 1Password in 2008 to now, this issue has always been limitation of the software. I need this tool to serve my needs, even when those needs are at odds with software designer's intentions.
The password constraints are, after all, not my decision, but a decision which has been made by the website's policies makers. I am forced to bypass the functionality of this generator about 40-50% of the time (3 times this week), and that probably isn't making better passwords. The use-case for this feature in the pw generator is so frequent and solution so obvious. Please add a text box within the special characters section which can pass a discrete special character list in place of the default special character list.
Thanks for any insights. Hope the feedback is truly being considered.
0 -
Hi @jjjjacob
We don't have plans to go in that specific direction, however we have begun using Apple's password manager resources repo. This repo collects details about the requirements of various websites including which special characters are allowed in passwords so that all password managers can comply. You can read more about the repo here:
apple/password-manager-resources: A place for creators and users of password managers to collaborate on resources to make password management better.
When using the Smart Password option in the password generator within 1Password in the Browser, 1Password will suggest a password that is acceptable to the site, assuming it is in the repo:
If there are sites where an appropriate password is not being suggested, it can be suggested for inclusion in the repo. You can either make that suggestion directly yourself, or we can do that on your behalf.
Ben
0 -
I'm glad Ben could help. Have a great evening!
0