Too few and too simple special characters for random passwords
To me it feels like 1PW generates random passwords with too few and too simple special characters ... using a 32 characters I see often ony 2 or 3 special characters.
And when special characters are used, mostly I see only those: !@.-_*
There are so many more symbols, e.g. :§"?`*'|&/()][{
Why doesn't 1PW generate passwords from the full range of characters and symbols?
The online password generator https://1password.com/password-generator/ creates much randomly passwords than the 1PW app itselfs.
1Password Version: 8.10.33
Extension Version: Not Provided
OS Version: Windows 11
Browser: Not Provided
Comments
-
Hello @pauLee! 👋
Thank you for the question! A few years ago we changed the set of symbols that the password generator in the 1Password app uses so that generated passwords were compatible with the majority of websites. A lot of websites don't support the expanded set of symbols and users were running into an issue where the passwords generated by 1Password were being rejected because of an included symbol. The symbols that are now included in the generated passwords are supported by most websites which lessens the risk of a generated password being rejected by a website.
The password generator on our website uses a version of our code that does yet include the new reduced set of symbols which explains why you're still seeing the symbols there.
I hope that helps. 🙂
-Dave
0 -
It only helps to understand.
It would be helpful if users could determine the choice and complexity of passwords themselves, as I can do in KeePassXC, for example..
I really have to say, I don't like the way that 1Password (AgileBits Inc.) always goes, that they think they know what's best for the user. Why is there no choice in such options?
0 -
One of my colleagues recently provided a great explanation for why 1Password no longer offers as many sliders in the password generator as it used to in the past: https://old.reddit.com/r/1Password/comments/1bocryy/1password_feature_missing_or_am_i_missing_the/kwt1apq/
More options doesn't always mean more security, and it can result in the creation of passwords that are weaker than if you just let 1Password create the password automatically. Out of curiosity, was there a specific reason why you'd like to add more symbols?
-Dave
0 -
Out of curiosity, was there a specific reason why you'd like to add more symbols?
I have already had password fields where a single point was not enough (in a 20 characters password) to fulfil the complexity requirements. Then I had to regenerate the password again or adjust it manually.
I don't wanna tell the generator how much special characters or numbers to use. I just think it would be useful to have a larger selection of special characters. Why not adding one switch to extend the special characters? Let people decide freely what their passwords should look like.
For me, generating a password is currently the point that takes the longest time. I regenerate 9 out of 10 passwords several times - that's annoying.
0 -
Thank you for the detailed reply. If you're generating passwords for a website then I recommend trying the Smart Password generator, it can detect the password requirements on a website and generate a secure password that meets those requirements so that you don't have to regenerate the password again and again.
You can read more here: A smart(er) password generator | 1Password
You can set smart passwords to be the default in the browser by following these steps:
- Open your browser.
- Click on the 1Password icon in the toolbar, then click on the menu button (it looks like three lines in a circle).
- Click Password Generator.
- Set Type to Smart Password.
- Turn on "Use as default for suggestions".
Moving forward, 1Password will suggest smart passwords right on the page that will match the website's requirements:
-Dave
0 -
Jumping on this thread although my request is more restricting than expanding the symbols.
We'll have to deal with many non ASCII systems - specifically EBCDIC.
Although it usually isn't an issue, some login panels might not be correctly configured so I need passwords that avoid some variant (different hex value between codepages) symbols: |!{[]}\@~
Safe symbols are e.g.: -_.*+
So we would really appreciate if 1Password would allow the configuration of the symbols used. From my point of view this could be a global setting, but a per-item config would be perfect.
Regards ... Franz0