Password Generator Improvements
I really enjoy using the password generator. I prefer using the "Memorable Password" both because I think length is more secure than complex and because I still sometimes have to type passwords.
After using the generator for a while there are some things I find clumsy about it.
1) For the passwords themselves I would wish for a length setting. I prefer whole words on the memorable password (because they are memorable) but I run into length limitations a lot. For example Fidelity's password limit is 20 characters. They also have an extensive set of special characters that are not compatible in their passwords. Having settings in the password generator that would allow me to tweak those values and only generate valid passwords would be a big help. I finally had to pick a password, take it to notepad and edit it to get a combination of valid length and characters.
2) When using the password generator with a new service I have difficulty with selecting a password, making sure it is accepted by the site, and then saving it in 1Password. My usual method is to cycle to find a password, copy it, paste it into the web site, and then try to create a 1Password entry. It's really easy for the copy to get clobbered in that process and lose the generated password. I would find it handy to have a button for "Last Copied Password". I could see a case for calling "Last Copied Password" insecure since it would leave that password available unless a timeout was imposed. However looking at the notepad where I copied and edited my password also is arguably more insecure.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided
Comments
-
This is the generator I'm referring to.1 -
Hello @pmallonee! 👋
Thank you for the suggestion! I'm happy to pass along your suggestion but I was curious if you generated memorable password for all website or just some? Are you typing these passwords in manually because you're on a device that you can't install 1Password on?
1Password has something called a Smart Password Generator which is aware of password requirements for different websites. By using this special generator, you should almost always see a generated password that matche the requirements of a specific website: A smart(er) password generator | 1Password
That being said, I can see how bringing some of these smart features to the memorable password generator would be convenient and I've let the team know.
For the second point, when you paste the password into a website you should see 1Password offer to save that password:
Clicking on Save in 1Password will allow you to save your login credentials without having to manually save the login. You can read more here: Save and fill passwords in your browser
I look forward to hearing from you. 🙂
-Dave
ref: PB-37766946
1 -
There are enough websites where the autofill and save don't work that it has become my habit to work around it.
For example I recently went through creating a Wordpress account with accompanying website. The password entry was on a separate page from the username and the "Save in 1Password" was not offered. In addition, because of the password rules mismatch, saving the password would be done ahead of whether the website accepted the password. It's just easier to copy the proposed password so that it can be pasted in the password field and in the 1Password field.
My Bank of America app still has a lame password because 1Password refuses to fill it and I always have to type it (Android). Synchrony bank (store cards) fails every time (web) on autofill but I can copy and paste the password. Federal savings bond accounts are strictly "No Paste". Those have to be remembered and typed.
I also use the password generator to fill in "Security Questions". Those "What is your favorite color" questions are about the stupidest form of security I can imagine. By generating a phrase in the password generator I can enter a sequence that an AI scanning of Facebook isn't going to guess at. Even on those I ran into a 20 character limit on a retirement website.
Actually productizing security questions is probably a different worthwhile effort.
At least with my Samsung keyboard I can get to most of the characters relatively easily. An Apple keyboard would be a nightmare with those high symbol count passwords. And again, I prefer length where possible for security.
By all means if the password generator can consume a website offered set of password rules that would be appreciated.
I would ask if you though about putting in a 2 Factor Authenticator into the app version. That would be a cool autofill. Unfortunately, getting websites to adopt proper 2FA instead of texts and emails means that is still a ways out.
0 -
Thanks for the reply. For the saving/filling issues that you mentioned, are you running into them when using a browser on a Windows or Mac device? Or when on your Android phone?
I also use the password generator to fill in "Security Questions". Those "What is your favorite color" questions are about the stupidest form of security I can imagine. By generating a phrase in the password generator I can enter a sequence that an AI scanning of Facebook isn't going to guess at. Even on those I ran into a 20 character limit on a retirement website.
You can already generate security questions using the 1Password app: Create unique answers to security questions
I would ask if you though about putting in a 2 Factor Authenticator into the app version.
1Password has a handy feature on Android (and iOS) where, once you've filled your login, your 2FA one-time password is copied to the clipboard so that you can paste it into the website or app: Use 1Password as an authenticator for sites with two-factor authentication - Use your one-time password
In a desktop browser, after your fill your username and password, 1Password automatically fills your one-time password.
I look forward to hearing from you.
-Dave
0 -
I try to do as much account maintenance from a PC keyboard as I can. Typically my use on a phone or tablet would be just access. It looks like my most common use case is in a functional hole compared to all of the other app scenarios. At least I don't see a way to accomplish the security question function using chrome.
I also checked to see how to do the security questions from my Android phone. The instructions for Android say to tap "EDIT" (in bold). It took me quite a while to figure out that "EDIT" is really a pencil icon at the top of the display. I noticed it allowed me to add a security answer without communicating with the service involved. Mostly, I was extremely uncomfortable doing precision editing on my phone. On a different screen I found myself dragging items around instead of scrolling. It's just too easy to do something unintentional editing on the phone.
I really didn't follow the instructions for the one-time password. "...copy the one-time password to your clipboard." Copy from where? A real 2FA generates a unique pattern of codes, usually every 30-60 seconds. Google Authenticator, Symmantec VIP, Entrust Identity, Microsoft Authenticator all perform this function. Many security apps include this kind of algorithm and can register to create that sequence as well. If 1Password is doing this it is not apparent.
All of this really pertains to the conditions and manner with which I use 1Password and not really the original request.
0 -
@pmallonee You mentioned "Federal savings bond accounts are strictly "No Paste". Those have to be remembered and typed." Isn't that annoying!?
I found that there are several Chrome extensions that allow the right click menu to work (I'm on Win 11, your mileage may vary.) I used one called "Allow Copy".I wasn't aware of the security question or authentication functions of 1Password, I'll have to give them a try.
I also find that 1Password has trouble with offering new random passwords and saving passwords. I'll have to take more notice of the specifics to let 1Password support know. (Ironically, it had a problem just now when I created a new account for this community discussion!)
0 -
You can also add security questions to Login items using the 1Password desktop app on your Windows PC: Download 1Password
I really didn't follow the instructions for the one-time password. "...copy the one-time password to your clipboard." Copy from where? A real 2FA generates a unique pattern of codes, usually every 30-60 seconds.
Can you clarify the issue that you're running into? Have you already added 1Password to a website as your authenticator app by following the appropriate instructions for the device that you're using: Use 1Password as an authenticator for sites with two-factor authentication
If you have then you should see a six-digit one-time password when you select the Login item for that website in 1Password. If you're on your Android phone then you can tap on that one-time passcode to copy it to your clipboard.
-Dave
0 -
I have not tried to add 1Password as a 2FA. As I said I was completely unaware of this function and I'm more than surprised I didn't see it since I'm certainly aware of the usage of the function.
To be fair, I have seen the Purple 2FA box pop up. I just didn't realize what it was setting up. There are a lot of things like text and email calling themselves 2FA that I just didn't realize it was login specific rotating code. I guess I thought I was going to have to put in a 2FA to log into 1Password.
0 -
Adding two-factor authentication to your 1Password account is optional, you can read more about the pros and cons here: Should I Protect My 1Password Account with 2FA?
Let me know if you have any other questions that I can help with. 🙂
-Dave
0 -
The 2FA conversation was tangential to the original request about controlling rules on the password generator.
Yes, I knew the 1Password account could be secured with 2FA and at this time I've decided against it.
What I was meaning is that I confused securing 1Password with 2FA with the purple 2FA popup box next to a login. That has more to do with clarity of presentation than with program function.
0 -
Thank you, I've passed along your feedback to the team. 🙂
-Dave
0