Password generator customization for 1Password 7

mpower
mpower
Community Member

Hi 1Password community,

I have recently upgraded to 1Password 7 last month. Today I need to perform a password update and was trying to use 1Password password generator. The site that I was on requires at least 2 numbers and no symbols so I was looking for a way to customize the generated password. I tried to search for this option on 1Password Chrome extension and 1Password app settings to see if this feature was available somewhere.

Since I could not find it, I ended up searching on Google and found this web page instead - https://1password.com/password-generator/

Thought I could just copy and paste this into the browser but that wasn't possible so I had to type in everything twice. In 1Password 6 this feature was available, is it hidden somewhere on 1Password 7 or this feature has been removed now?


1Password Version: 7.7
Extension Version: 1.24.1
OS Version: OS X 11.1
Sync Type: 1Password Cloud

Comments

  • ag_ana
    ag_ana
    1Password Alumni

    Hi @mpower!

    You are correct that the password generator has received some updates recently. In summary, these changes were made to improve security since they increase the randomness of the generated passwords. If you are interested in the technical details behind it, please see this post from our security team.

  • mpower
    mpower
    Community Member

    Hi @ag_ana thanks for sharing the post, have a great weekend!

  • ag_ana
    ag_ana
    1Password Alumni

    You too @mpower, thank you! If you have any other questions, please feel free to reach out anytime :)

  • frankly
    frankly
    Community Member

    Thanks for the link to the post. It helped me understand the decisions that were made, but if I don't agree with them, I am left without a way to provide input because the thread is closed. The problem is with how 1Password and @jpgoldberg in particular are viewing this. @jpgoldberg said, in this post:

    https://1password.community/discussion/comment/508219/#Comment_508219

    But we want to move toward a notion of the user specifying what function of the password is. So here are questions to help think about different functions

    1. Passwords that will never need to be typed or memorized, but do need to work in websites.
    2. Passwords that need to be memorized and frequently typed (including on mobile keyboards). Your 1Password Master Password has those needs.
    3. Passwords that don't need to be memorized, but will occasionally need to be typed or transcribed. Passwords for things like disk encryption fall into that category
    4. Passwords that don't need to be memorized or typed, but may need to be spoken. Fabricated answers to things like your mother's maiden name fall into this sort of category.

    That would be wonderful if we lived in a world where 1Password also made the password rules for every website. The problem is that you don't make the rules. One of the jobs we have hired your software to do is to generate passwords for us when we create a new account on a site or the site requires us to change our password. With this new password generation scheme, I find that you are failing at the job I have hired you to do. I just had to update my password on a site which required the following:

    1. One uppercase letter
    2. One lowercase letter
    3. One digit
    4. One symbol
    5. Can't use - or _

    So, I had to generate password after password, checking each one to determine if it had one of those forbidden symbols in it. If it did, I had to spin the wheel again, hoping that I would get a useable password.

    This is defeating the purpose of one of the features the app is hired to perform. In summation, the four options you listed above would be wonderful, but not if that means making it harder to deal with the reality of password requirements across the internet.

  • ag_ana
    ag_ana
    1Password Alumni

    Thank you for the feedback @frankly! I am sure our security team will find it useful :+1:

  • frankly
    frankly
    Community Member

    Thanks a bunch :+1:

  • mpower
    mpower
    Community Member

    Great post @frankly! :)

  • ag_ana
    ag_ana
    1Password Alumni

    You are very welcome :)

  • jpgoldberg
    jpgoldberg
    1Password Alumni

    That would be wonderful if we lived in a world where 1Password also made the password rules for every website. The problem is that you don't make the rules.

    You are absolutely correct @frankly that the ideal I described omitted the concern for website compatibility. I was presenting one side of the story. You may not know this, but behind the scenes we are teaching our generator the requirements for different sites. Furthermore the new smart password is designed to comply with most site requirements, and is based on research of site requirements. You can read more about this on our blog: A Smart(er) Password Generator

    But it appears that so far this has not worked for you. If you are willing to share (either here or more privately through support) what sites the generator is failing for you, we can work on teaching the generator about those sites and requirements.

  • frankly
    frankly
    Community Member

    @jpgoldberg Please don't take this the wrong way, because I do appreciate the work you are doing. However, it is not up to me to spend my time telling you every time a site is not compatible with your product. Unfortunately it would take me less time to simply correct the passwords and move on each time. It won't leave me with the same sense of love for your product as I've had in the past, but I'll deal with it because I still love so much else about 1Password.

    I will make one last request. Your product already had this problem solved. What you have done is remove functionality that already existed and replaced it with something that may work better in some situations but works worse in many others. I'm not saying that you shouldn't work on better solutions. My request is that you add an option that would allow us to use the previous version.

    The bottom line is that there are countless sites, each with their own password requirements. I'm reminded of the proverbial dog trying to catch its own tail. :)

  • jpgoldberg
    jpgoldberg
    1Password Alumni

    No worries. It certainly isn’t your job to tell use about websites that are now a problem for 1Password, but it is also useful for us understand how frequently people are encountering them.

  • frankly
    frankly
    Community Member

    Frequently enough that we took time to post here about it being a problem.

  • ag_ana
    ag_ana
    1Password Alumni

    Thank you @frankly! I have let the rest of the team know that you have encountered this too :+1:

    ref: dev/projects/customer-feature-requests#28

This discussion has been closed.