Generated Password Strength is weaker than even the website generator

I've always wondered why the password generator on 1Password 8 was weaker than its predecessor, or even than the website generator, https://1password.com/password-generator/ .

Starting from 1Password 8, I observed that:
1. No matter how many times you refresh the password being generated, it barely contained characters like #, $, ^, <, >, +
2. Unlike 1Password 7, the full generated password is not showing. So if you are generating a long and strong password that contains numbers and symbols, the last characters are not being displayed until you click "Use".

Say I want to generator a 64-character password that contains symbols and numbers, I almost instantly get this on the web-based password generator:
!g~zej77kFmhMNk.E9@fW]5>mu5,H8P}PN@:qE1bDqhHu3xT+YTV@C1GJGmN4%@)
TBm_oZ7uivyM4mFt-EsW6yG?,yjFCT%oob~3Cf+R5)!j8D_r4h.v,Nao~im-,5gL
+0WE#qMgeYRb?#o*-@}:ECW,UhY65W9--s%b+2RfQ+>cM-NP:d-HDXT68!Gx_N>h

If I use 1Password 8 to generate the same length and config, the first five times I get:
!oKTZqk.9tjPM.nsaWK*3FekQ@b9xDPW3GnZnmjFV98wK6j8_x2R8Wh4RNEBKHei
@hA.wUt_CQn2hTMftRwV7h9QEHN.get2zLMHLvKwd4qK!8_GpHevrAuYWyEw-Wci
N2PhyyC3hyjhyqFJTA!*.pcM2sBaGZ8QnQwWf4.ygrRDm8.jZ**bVqP4rAs8_BXR
2vBgZZ!AFEwLjiYEC_csY2cpj7wkQC4cmPswUHhTdUgx6ahTCuFyZBqLd!*rzz8g
FedGWFyPW.uAppEotF.ymdbDrfPBKscBko8cWCtyiL3ksPPdVmDmY36iX4AQMs!6

That's a huge difference. All I can see is that 1Password 8 is generating more letters less room for symbols and numbers.

To sum up,
! shows up 6 times in total
. shows up 9 times in total
* shows up 5 times in total
@ shows up 2 times in total
_ shows up 5 times in total
- shows up 1 time in total.

No other symbols can be found.

Did 1Password simplified the symbols or something when generating? I'd really like to see different symbols showing up other than the ones above.

Also I'd really like to see the full password instantly when is it generated.


1Password Version: 80500045
Extension Version: 2.2.0
OS Version: Windows 11

Comments

  • Hey @doio:

    Great question, and I'd like to apologize for the delayed response here.

    So there's two pieces at play here. The first is as you've noticed, we've tweaked the symbol set of our new Smart Password Generator to only include !@.-_*. We've found that these symbols are accepted in most places, and require less fiddling to ensure that your password is accepted by a service.

    As for the second, would you mind elaborating on the use case for being able to view the entire password before it's saved in the password field itself?

    Jack

This discussion has been closed.