Password generator: using special character
Hi there,
I try to use the password generator for all my passwords, but some only accept only a few special characters and not all the generator uses. E.g. the "%" or "-" is forbidden to use. Is there a way to tell the generator which characters he should choose from?
1Password Version: actual
Extension Version: Not Provided
OS Version: Win7
Sync Type: Not Provided
Comments
-
@Thundersnake There is not, and to be honest I'm a big opponent of such rules. Hackers do not crack passwords -- they crack patterns. Knowing what rules (and limitations) a password has greatly speeds up their brute-force attacks against them. In an ideal world, there should be no such patterns, and a password should not be limited. That being said, I do see us making our password generator more intelligent in the future. Thanks!
0 -
Thanks @svondutch,
I don't like it either, but I can't change the rules, I have to deal with it. And a password generator that can handle it will help me getting the best password according to the rules .. thanks!0 -
We understand that.
We won't limit the character set used by the password generator.
We have plans to automate some of this for our users depending on the site but we can't say when we'll get this into 1Password.In my opinion, your best option for these sites is to exclude the automatic addition of symbols to a generated password (check the advanced options in the password generator) and manually add allowed symbols to the password in the generator.
0 -
In my opinion, your best option for these sites is to exclude the automatic addition of symbols to a generated password (check the advanced options in the password generator) and manually add allowed symbols to the password in the generator.
I prefer to repeatedly click the refresh button in the password generator until it makes one that only has special characters that are allowed by the web site in question. This keeps me from biasing the choice and location of the special characters.
0 -
That's a good option, too :)
0 -
True, weakness from restricted password can be overcome with password length, but why restrict? A truly strong password is both long and unrestricted (preferably allows every unicode code point)
0 -
Hi @mzman,
A network of hundreds of the fastest-known dedicated password crackers in the world would take more than a million years to crack such a password... assuming no key protection is layered on top to reduce calculation time, which it often is.
Unless I misunderstood you, I don't think many sites do anything to slow down cracking tools, many made the mistake of just hashing it with no salt added and that's it, made it easy for crackers to reveal the passwords within days and gave many security nerds the ability to see what passwords people were using in the many breaches that've occurred in the past few years.
However, you are correct that the longer your entropy bit, the less return of investment you're getting. Here's a table we've done after hashcat added support for cracking 1Password's agilekeychain format via GPUs:
That's with 4 GPUs. Yes, you could also get hundreds of GPU instances at certain cloud server farms, it'd still take a long time.
You can find more of this in our blog here: https://blog.agilebits.com/2013/04/16/1password-hashcat-strong-master-passwords/
0 -
I also like to have the ability of choosing special characters or exclude certain characters. To be honest, I think the responses of the team is completely off the mark. The rules of some website cannot be changed, and what we are asking it an additional function to make 1Password more convenient to use. However the discussion goes on to talk about how to make a password more secure. We don't make the rules of the passwords. Either your team can educate those sites to change the rules or add this functionality. Educating the users is not helpful to this problem.
0 -
Hi @liuzr88,
You do have that ability, you can edit the password field in the generator to remove characters or add your own. You can also choose for 1Password to not add the symbols and leave it for you to add it manually in the password field and save it like this, like we mentioned in the first few posts of ours.
Adding more options to the already complex generator's UI is not always the answer. We actually got more complaints from having a complex UI than not having more features, so we do not plan to do this feature but rather simplify it by doing more with less. It is possible we will change our mind and add this if we find out that our plans didn't work out. We do have this feature request on our list and it will be revisited constantly as we always re-evaluate our plans and so far, this hasn't changed, we're not going to add more options to the generator but rather automating certain things.
As for educating the users, it was a question asked why omitting is a bad idea and we took the time to explain why. This thread went through different type of discussions, it wasn't a single topic of adding a new option.
0 -
Mike, Thank you for your quick reply. I understand that adding options may make the UI more complex. It's just very inconvenient to add symbols manually. I wish the generator could do all the things automatically without user intervention. Maybe you can add a preference entry to allow user to pre-define a list of special symbols, so the password generator UI does not need to change?
1Password is a great product and I use it everyday. Just wish it continue getting better. Thanks for such a find product.
0 -
You're very welcome! But really we can't take all the credit. The support of you and the rest of our awesome customers is what allows us to continue working in 1Password. There are definitely things we'd like to do to improve password generation. Thanks for letting us know this is something you'd appreciate as well! :)
0
