1Password Feature Request: Caps Slider

benfdc
benfdc
Community Member
edited June 2014 in Lounge

I’m posting this in the Lounge because it’s a cross-platform request.

Right now there are two sliders in the 1Password random password generator: digits and symbols. I would like to see a third slider: caps (or capitals).

At present, generated random passwords are mixed-case, and capital and lower case letters seem to be evenly distributed. This seems wrong to me. Capital letters in passwords are an annoyance. They make passwords hard to read over the phone and hard to enter, especially on mobile devices. As Arnold Reinhold notes in his Diceware FAQ, random caps are a very inefficient means of adding entropy, and really only make sense when a system sharply limits password length. The other reason to use capitals in passwords and passphrases is that some sites require at least one capital letter in a password, just as they sometimes require at least one digit or symbol.

My number one request for enhancing the password generator is to add a passphrase mode (already present in 1P4/Win), but a capitals slider that would let me control the number of caps in generated passwords and passphrases is a close second. Because the purpose of the passphrase generator is to generate passwords that are easy to remember and enter, I would second Reinhold’s recommendation that capitals in generated passphrases be initial caps, and I would invoke the same reasoning to propose that digits and symbols in generated passphrases be placed at the end of words (to take advantage of the default behavior of the iOS keyboard). The user can always edit a generated passphrase to shift a symbol, numeral, or cap to a “more random” location, but IMO the default behavior of the generator should be one that yields the most user-friendly result.

Comments

  • RichardPayne
    RichardPayne
    Community Member

    Your Reinhold link doesn't work for me so I may not be understanding this but the idea of only capitalising the first letter of a word smells suspiciously like an easily predictable system.

  • benfdc
    benfdc
    Community Member
    edited June 2014

    @RichardPayne—Your objection is correct as far as it goes, but it is moot if you accept Dr. Reinhold’s premise that the entropy gained from using random caps isn’t worth the trouble. My link to his discussion works on my Mac and my iPhone, but here is the paragraph at the end that is most relevant to my Caps Slider proposal:

    Exceptions: This analysis does not apply to situations like older Unix login passwords, where the length of the password is limited to 8 characters. There random capitalization is an important way to increase security. Also some systems insist that you use a mix of uppercase and lower case letters for passwords. For such systems we suggest you select one of your Diceware words at random using a dice throw and capitalize its initial letter.

    The whole FAQ is worth reading if you find the subject interesting. It’s also nice to see that Dr. Reinhold revisits it every so often. The section following the discussion of capitals focuses on whether or not to separate the words of a passphrase by spaces. Dr. Reinhold recently changed his recommendation on that subject, and he states his reasoning.

  • RichardPayne
    RichardPayne
    Community Member

    ok, the link is working now. Temporary glitch I guess.

    The only problem I have with it is that makes a shift key press equal to any other. The reality is that a shift key press is made at the same time as the key that it is modifying. On a normal keyboard, assuming the use of both hands, it's no slower to type a capital than a lower case letter.

    That said, it you use a mobile device then I'd agree completely.

    From your OP I just noticed this:

    At present, generated random passwords are mixed-case, and capital and lower case letters seem to be evenly distributed.

    I'm not seeing this. They're all lowercase, so why the need for a slider?

  • benfdc
    benfdc
    Community Member
    edited June 2014

    Pronounceable passwords are presently all lower-case; a caps slider would be helpful for websites that demand mixed-case passwords. Random passwords are presently random case; a caps slider would benefit caps-averse users. While I personally agree with your point about shift-key presses on computer keyboards, I have some two-finger typist friends who would not. More importantly, 1Password is a cross-platform product, so IMO even the desktop apps should facilitate the generation of mobile-friendly passwords.

  • khad
    khad
    1Password Alumni

    Thank you for letting us know you are interested in this!

  • RichardPayne
    RichardPayne
    Community Member

    @benfdc‌

    Pronounceable passwords are presently all lower-case; a caps slider would be helpful for websites that demand mixed-case passwords. Random passwords are presently random case; a caps slider would benefit caps-averse users.

    Maybe it's just my own use blinkering me but I can't imagine why you'd use pronounceable passwords for anything other than Dropbox, your primary email and your master password. Anything else would be random passwords fill in by 1Password so who cares if they're hard to type.

  • benfdc
    benfdc
    Community Member

    Some apps block pasting, so the blasted things must occasionally be typed. Or sometimes read over the phone. Maybe a caps slider would not be of value to you, but it would to me.

This discussion has been closed.