How to change default password suggestion on Chrome
When changing passwords on any website, the extension suggests a new password. Currently, it suggests a 20 character length password. I want to modify this suggestion length/settings, but couldn't find it. I am aware that I can modify these settings in the app and they will apply when creating passwords in the app, but those settings do not apply when directly changing the passwords from a website and getting a suggestion. If you know a way, please let me know. Thank you
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Windows 11
Browser: Chrome
Comments
-
Hey @Maokee, thanks for writing in!
By default, the 1Password extension's password generator is set to "Smart Password", that will suggest passwords that meet the password requirements of a website.
However, you can change it to "Random" instead and set that as default. Here's how:
- Click the 1Password icon in your browser's toolbar.
- Click the Menu ( ☰ ) icon next to "+ New Item" and select "Password Generator".
- Change the "Type" to "Random Password" and toggle on the "Use as default for suggestions" option.
- Then, you can choose to toggle symbols and numbers and the length of characters.
I hope that helps! Let me know how that goes.
-Evon
0 -
@EvonG1P , I'm new to 1Password and I have found that if I choose "Smart Password" for the password generator in the browser extension, it only ever suggests passwords with a maximum length of 19 characters which is 1 short of the "fantastic" password rating I'd like to maintain on all my sites. Any insight on why this is happening?
0 -
Hey @jpit, thank you for your reply, I apologize for the delay in mine.
When we can't read the specific requirements of the website, we fall back to our default which is a 19 characters long password.
Our smart passwords recipe gets updated from time to time according to how well they're being accepted on most websites. Recently, it was around 20-21 characters long, but we've reduced it to respect more websites.
If you're interested, one of my colleagues has written about the smart passwords in great detail here -> 1Password community - Smart Passwords.
I hope that helps. Please let me know if you have any further questions.
-Evon
0 -
Hi, @EvonG1P . Thanks for the reply and pointing me to that previous thread. It was informative.
It is interesting, however, that a default generated password would be less characters than Watchtower's highest recommendation of 20 for "Fantastic". It would be interesting if your team could share any metrics about what percentage of websites that don't have the requirements baked into the HTML accept the 19 characters but not 20. It seems like that would be a small number.
I'd love to leave the smart password feature as the default, but Watchtower has already trained me to not accept anything less than "fantastic".
0 -
Thanks for the reply. I don't believe that we publish those metrics publicly, we depend on customer reports and our own research to determine the best default to apply.
Can you tell me the website address where this password is being generated? A 19 character password generated by 1Password is seen as
Fantastic
on my devices so I'm interested to see what might be happening on that website when 1Password generates a password.-Dave
0 -
Ok, I figured out what I'm seeing regarding the 19-character password only being "Excellent" instead of "Fantastic"...
If you use the "smart" password on the site by selecting it as the suggestion during a password change, the 19-character password is rated "fantastic". But, if you use the password generator manually through the browser extension, that same 19-character password when pasted into the password field is only considered "excellent". (The same is true for a randomly generated password of 19 characters.)
So, it is inconsistent that the 19-character smart password is reflected as "stronger" just because 1password suggested it during a password change. The strength of the password shouldn't really be based on something arbitrary like that and should just be a rating based on actual mathematical strength.
I do realize this is not super important, but I found the inconsistency odd.
0 -
Thanks for the clarification. When you copy and paste a password from the generator generator, rather than using 1Password's suggestion, you're removing 1Password's ability to know that the password was generated by 1Password and is thus truly random and secure.
Passwords generated directly by 1Password will be rated as stronger than passwords that might have come from another source, even if the two passwords are identical. This is because other sources may not be truly random in the same way that 1Password generated passwords are random. You can read a great explanation from a former colleague of mine here: Auto-generated password at the same time "Excellent" and "Fantastic" — 1Password Community
Summary: if you copy and paste a password, even if it was originally generated by 1Password, that password will be rated weaker since 1Password can't guarantee that the pasted password is truly random and it has to assume that it is human created rather than guessing if it's random or not.
-Dave
0 -
Ah, thanks for pointing me to that discussion, @Dave_1P. @jpgoldberg 's explanation was worth taking the time to understand and see that 1password's rating factors in more metrics than just number and variety of characters as most other password ratings do.
0 -
I'm happy that you found the explanation useful. 🙂
-Dave
0