Enhancement Request: password rules
When i go to update a password which I do periodically for some apps/websites as an extra security measure, the rules for password generation seem to match whatever the last password I created in 1Password used. This is bad because different apps and websites have different rules about password min/max length, required and prohibited characters, etc.
Unfortunately, some sites don't even make clear what these limits are so it is easy to forget and create a password that won't work. And yes, I have even found websites that both don't tell you the password rules and don't stop you from generating a password they consider invalid! So keeping aware of what is valid for any particular site is important so you don't lock yourself out of a site or create an unnecessary password reset problem that you have to debug.
Request
By default, 1Password should remember the rules used to generate a particular site/app password.
1Password Version: 1Password 7 Version 7.6 (70600005) 1Password Store
Extension Version: 1.21.0
OS Version: 10.15.6 (19G2021)
Sync Type: family
Comments
-
Hi @mbierman!
Thank you very much for taking time out of your day to to share this feedback! We appreciate every idea that could make 1Password even better.
I can see how this could be useful to you, so while I cannot make any promises, I can tell you that I have shared your feedback internally :)
Once again, thank you and have a wonderful day!
ref: dev/projects/customer-feature-requests#164
0 -
I'd like to add that there is now a real and maintained project (thanks Apple) to help password managers know what the password rules are for a particular site or service. The project is quite new and it will be a while before we can make direct use of it, but it is something that we have been contributing to.
I cannot promise when the effects of this will be seen in 1Password, but it is something that we are participating in and supporting.
0 -
@jpgoldberg that looks amazing. I could imagine breaking this feature into different phases though.
- Remember what rules the user applied to creating a password for a particular site or app when they created the password for password updates. This solves the problem of the OP.
- Implement this project as a way to suggest new account creation.
these could also work together. If a user creates a password and it worked, that could go into some machine learning about the rules for that site which could be shared with other users.
0 -
Yep, @mbierman. Both approaches make sense. I can't make promises about any of them, but some clients may be seeing (2) rather soon.
0 -
Oh YES!!! This would be great.
The biggest issues I have seen surround which special characters are (or are not) allowed. Some sites are quite specific. I can understand not allowing characters that are often used in the underlying code, but most folks don't get that distinction.
I would even consider just adding a specific field where you could check off required items from a list (i.e., upper case, lower case, number, special character, min/max characters, etc) for a given login.
0 -
May I suggest an interim step. When I update a password on a website, 1Password pop up asks me if I want to save the new password. I always wait until the webpage behind the pop up indicates that the password was successfully changed. I discard the change if not successful and try again, sometime guessing at the password rules for a particular website.
I typically use Mac for larger screen real state.
Could the pop up have a warning to verify that the password change completed successfully?
I understand that this might be too much clutter in the pop up so I leave it to you. Maybe the changes mentioned above could come soon 🙂0
