Passwords like Apple suggested ones

Options
SamEllis
SamEllis
Community Member

Hi, in the future, will we likely see you implementing passwords like the Apple suggested ones? Where they're a string of characters, separated by a hyphen. But not words that can be pronounced.

Comments

  • Stephen_C
    Stephen_C
    Community Member
    Options

    I'm guessing (and only guessing: I don't work for AgileBits) that something like that may come to the Mac version of 1P in due course because 1P for iOS already supports Diceware pass phrases...which is along the lines of what you mention.

    AgileBits (wisely, I think) never talks about planned features or time lines for introducing them) so don't expect to squeeze out of them any more information than that. :)

    Stephen

  • AGAlumB
    AGAlumB
    1Password Alumni
    Options

    @SamEllis: This is definitely something we have on our radar. Thanks for letting us know you'd like to see Wordlist password support in the Mac version! :)

  • SamEllis
    SamEllis
    Community Member
    Options

    @brenty I don't mean have a password with words like in the iOS app, I mean passwords like this: TR&H-AQX#-8{Sd-tYq>
    Thanks for taking it on board.

  • AGAlumB
    AGAlumB
    1Password Alumni
    Options

    @SamEllis: You mean like this?

    Except with hyphens interspersed? Having hyphens at predictable intervals gives less entropy, and I'm not sure it makes it much more readable. Can you give some example of how that particular formatting is useful for you? Thanks in advance! :)

  • SamEllis
    SamEllis
    Community Member
    Options

    @brenty yeah, like that with hyphens. It makes it more readable for me, but if it's significantly less secure then I wouldn't use it. I wasn't aware that it does that

  • AGAlumB
    AGAlumB
    1Password Alumni
    Options

    @SamEllis: Indeed, it probably isn't a huge drawback, but having a known character at known intervals means it's less random and therefore more predictable. Does that mean it's easy to guess? Probably not, but it depends on the length and the method. But you're definitely losing some entropy, so a fully random password of the same length will be stronger.

    I guess what I'm really interested in is why you're reading these anyway. I don't even look at most of my passwords. But if it's a situation where you have to (/gasp) type it out manually, a long Wordlist or Diceware phrase can be made nearly as strong and is eminently more readable/typable. Intersperse the words with randomly chosen special characters, and it becomes a lot stronger as well, since an attacker won't know the length of each word (and therefore the position of the special characters). Cheers! :)

This discussion has been closed.