Diceware Feature
I love the new support for Diceware in the password generator, but I would prefer to also randomize the separators between each word. Could that be added to the next update?
Comments
-
@littleluce: I don't know about "the next update", but it's certainly something we'll consider for a future version. I'm glad you're enjoying the new Diceware feature in 1Password 6! :chuffed:
0 -
@littleluce, you might be interested in my reply to the same suggestion brought up in this thread.
In short, it would be much more effective to add an extra word to your passphrase than to randomize the delimiters because it's only one more thing to remember instead of several, and it generates more entropy than random delimiters would.
0 -
I understand that, but the issue that I run into is when I want to create a memorable password for a site or service that requires certain characteristics in the password you choose. "Must contain a number, uppercase & lowercase letters, at least one symbol," etc... In that case I would prefer to use a modified version of Diceware so that my password meets the site's requirements and is still more memorable than a typical password given by the password generator.
0 -
I see, good point. In that case, random delimiters would only solve the symbol requirement, not uppercase letter or number. I would suggest for sites like that that you create and save the passphrase, then use the regular password generator to pick your uppercase letter, number, and symbol.
Really, though, if you have a strong passphrase already, you could just add any number, symbol, and uppercase letter to the passphrase and it certainly wouldn't get any weaker. So I might just add "A1!" to any password that had requirements like that. Then you don't lose memorability either since it can be the same characters in every password.
Normally we don't recommend picking your own password characters, but as long as you're using them just to meet requirements and not relying on them to make a secure password, it's no problem.
0 -
What I'd like to add here is that maybe you could make the case of each word random in diceware? So it could be either "horse" or "HORSE", of course. Not much more to remember and it effectively doubles the dictionary, I think.
Also, take a look at the iOS preset from xkpasswd.net. I really like his format options to help use upper/lower case, numbers and symbols.
0 -
Yes, that would double the dictionary and thus add one bit of entropy per word. We will see where this road leads, and perhaps take this into consideration for a future update.
Note though that you can increase the strength of your passphrase much more by simply adding another word (14 bits vs 4-8 bits), and that's only one more thing to remember rather than having to remember the case of each word.
0 -
Thanks. I was mostly mentioning this due to the (frankly bizarre) password restrictions some sites impose.
I'm loving the diceware passwords for stuff like encrypted disk images. A 10-12 word, easy to type password is pure win!
0 -
Thanks. I was mostly mentioning this due to the (frankly bizarre) password restrictions some sites impose.
@Evenprimes: Indeed! This is often a pain point for many of us, I'm afraid. :dizzy:
I'm loving the diceware passwords for stuff like encrypted disk images. A 10-12 word, easy to type password is pure win!
Awesome! Me too! I am still slowly going through and updating 'security Q&A' stuff for accounts, as many of the automated phone systems now want me to speak them aloud...and I've found they often aren't happy to hear me spell out "7QrYRMpFqX2skQ". :lol:
0 -
Agree with the earlier comments 100%. Check boxes for capital letter, number, symbols, etc to tack on to the end of a passphrase would be great.
0 -
Thanks for the continued feedback!
0 -
I may/must be missing something. Why not pick 5-6 words directly from the Diceware list and skip tossing of the dice?
0 -
Hi @teamherrick ,
The diceware algorithm is designed to make the choice random to maximize the entropy, ensuring a secure password. The tossing of the dice is simply the real-world analog to ensure randomness.
Regards,
Kevin
0 -
Some sites have a character limit. Can you look into adding that as well to the diceware generator? Basically adding to the customization of diceware-based passphrases.
0 -
Hi @ern741 ,
We can certainly look into that, but I should say that once you start putting restrictions on the words that can be used in the diceware password, it reduces the randomness and makes the password more predictable. An attacker can use this information to reduce the number of attempts it takes to figure out the password.
When sites have length restrictions that are too small for most diceware passwords, we recommend using the random character generator instead.
Regards,
Kevin
0
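
The entropy trade-offs discussed in this thread (an extra word versus random case or random separators, and the cost of restricting the word list), as an added example that is not 1Password's code. The 2^14-word list size is an assumption chosen to match the 14 bits per word quoted above; the separator set, sample words and function names are constructed for illustration.

```python
import math
import secrets

# Constructed sample list; a real generator loads its full word list.
SAMPLE_WORDS = ["horse", "maple", "orbit", "canyon", "velvet", "lantern",
                "thunderstorm", "quarterback"]
SEPARATORS = "-._,"  # assumed separator set (4 symbols = 2 bits each)


def passphrase_bits(list_size, n_words, random_case=False, n_separators=1):
    """Entropy in bits, assuming the attacker knows the scheme and word list."""
    bits = n_words * math.log2(list_size)
    if random_case:                      # all-lower or ALL-UPPER per word
        bits += n_words                  # doubles the list: +1 bit per word
    # One separator between each pair of words; a fixed separator adds 0 bits,
    # as does a fixed suffix reused on every password.
    bits += (n_words - 1) * math.log2(n_separators)
    return bits


def limit_word_length(words, max_len):
    """Dropping long words to fit a site limit shrinks the list."""
    return [w for w in words if len(w) <= max_len]


def generate(words, n_words, separators="-", random_case=False):
    """Draw every choice from the OS CSPRNG, the software stand-in for dice."""
    parts = []
    for i in range(n_words):
        word = secrets.choice(words)
        if random_case and secrets.randbelow(2):
            word = word.upper()
        parts.append(word)
        if i < n_words - 1:
            parts.append(secrets.choice(separators))
    return "".join(parts)


if __name__ == "__main__":
    size = 2 ** 14  # assumed list size giving the thread's 14 bits per word
    print("4 words, fixed separator:", passphrase_bits(size, 4))
    print("+ random separators     :",
          passphrase_bits(size, 4, n_separators=len(SEPARATORS)))
    print("+ random case           :", passphrase_bits(size, 4, random_case=True))
    print("+ one more word         :", passphrase_bits(size, 5))
    short = limit_word_length(SAMPLE_WORDS, 7)
    print("sample list:", len(SAMPLE_WORDS), "->", len(short), "words at a 7-char cap")
    print(generate(SAMPLE_WORDS, 4, SEPARATORS, random_case=True))
```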