Enhancement Request: password rules

mbierman
mbierman
Community Member
edited September 2020 in Lounge

When i go to update a password which I do periodically for some apps/websites as an extra security measure, the rules for password generation seem to match whatever the last password I created in 1Password used. This is bad because different apps and websites have different rules about password min/max length, required and prohibited characters, etc.

Unfortunately, some sites don't even make clear what these limits are so it is easy to forget and create a password that won't work. And yes, I have even found websites that both don't tell you the password rules and don't stop you from generating a password they consider invalid! So keeping aware of what is valid for any particular site is important so you don't lock yourself out of a site or create an unnecessary password reset problem that you have to debug.

Request

By default, 1Password should remember the rules used to generate a particular site/app password.


1Password Version: 1Password 7 Version 7.6 (70600005) 1Password Store
Extension Version: 1.21.0
OS Version: 10.15.6 (19G2021)
Sync Type: family

Comments

  • ag_ana
    ag_ana
    1Password Alumni

    Hi @mbierman!

    Thank you very much for taking time out of your day to to share this feedback! We appreciate every idea that could make 1Password even better.

    I can see how this could be useful to you, so while I cannot make any promises, I can tell you that I have shared your feedback internally :)

    Once again, thank you and have a wonderful day!

    ref: dev/projects/customer-feature-requests#164

  • jpgoldberg
    jpgoldberg
    1Password Alumni

    I'd like to add that there is now a real and maintained project (thanks Apple) to help password managers know what the password rules are for a particular site or service. The project is quite new and it will be a while before we can make direct use of it, but it is something that we have been contributing to.

    I cannot promise when the effects of this will be seen in 1Password, but it is something that we are participating in and supporting.

  • mbierman
    mbierman
    Community Member

    @jpgoldberg that looks amazing. I could imagine breaking this feature into different phases though.

    1. Remember what rules the user applied to creating a password for a particular site or app when they created the password for password updates. This solves the problem of the OP.
    2. Implement this project as a way to suggest new account creation.

    these could also work together. If a user creates a password and it worked, that could go into some machine learning about the rules for that site which could be shared with other users.

  • jpgoldberg
    jpgoldberg
    1Password Alumni

    Yep, @mbierman. Both approaches make sense. I can't make promises about any of them, but some clients may be seeing (2) rather soon.

  • cadoyle
    cadoyle
    Community Member

    Oh YES!!! This would be great.

    The biggest issues I have seen surround which special characters are (or are not) allowed. Some sites are quite specific. I can understand not allowing characters that are often used in the underlying code, but most folks don't get that distinction.

    I would even consider just adding a specific field where you could check off required items from a list (i.e., upper case, lower case, number, special character, min/max characters, etc) for a given login.

  • @cadoyle

    It is a very common problem indeed. :) There are things we can do here to make the experience better. Hopefully we'll be able to implement some of those things. :+1:

    Ben

  • Fairgame
    Fairgame
    Community Member

    May I suggest an interim step. When I update a password on a website, 1Password pop up asks me if I want to save the new password. I always wait until the webpage behind the pop up indicates that the password was successfully changed. I discard the change if not successful and try again, sometime guessing at the password rules for a particular website.
    I typically use Mac for larger screen real state.
    Could the pop up have a warning to verify that the password change completed successfully?
    I understand that this might be too much clutter in the pop up so I leave it to you. Maybe the changes mentioned above could come soon 🙂

  • That's a good thought @Fairgame. I'll let our UX folks know of the suggestion. :+1:

    Ben

This discussion has been closed.