Perhaps a... filter on the 'longer' English diceword password generator would be... advisable
Hello guys,
Just a heads up... I'm IT staff for a small company. I was thinking of rolling out a password manager for several staff who have to deal with quite a few vendors (and have quite a few passwords). I was testing out 1password (nice software) but encountered a relatively... unfortunate dealbreaker.
I was looking at the random password generator, made sure I was generating "longer" English words... and the first thing that generated contained a six letter word starting with "N" that would have gotten me fired immediately if that happened during a tech demo to the execs.
I know we don't want to give any password hacker (I wanted to use the term "password cracker" but now I'm hyersensitive and paranoid) a leg up by filtering out words, but maybe just a dozen or two obvious filters wouldn't hurt? I know the chances of me rolling the dice to that match again are astronomically low, but it still gives me pause to allow the use of the password generator. And there seems to be no way to disable it.
Thank you for your time.
1Password Version: 4.6.0.592
Extension Version: Not Provided
OS Version: Windows
Sync Type: Local
Comments
-
@njl4515: I'm really sorry about that. I know exactly what you mean, and we're aware of the issue. This was addressed in the most recent beta, and we're exploring ways to automate this. It's a long list, so I imagine there are other unfortunate words in there. :(
I'm not sure that a few dozen words will cover it, and it can be pretty subjective...but there are some things that we can all agree on. And most importantly, if you happen to come across any others, please let us know so we can take care of it. You can contact us directly at support@agilebits.com if, for obvious reasons, you don't want to post some things on a public forum.
Again, I apologize for the experience you've had. We're currently testing the beta with other improvements so we can release it to everyone soon.
0 -
As long as you guys are aware, I'm happy. That wasn't even a feature we would have planned on using, but given we couldn't disable it, a user would have eventually played around with it and saw how many humorous words he could find.
Is there a way to manually edit out the list of words? The link you posted, at least for me, is not working.
0 -
@njl4515: Thanks for your understanding. :blush:
Is there a way to manually edit out the list of words?
No, but we'll be taking a closer look at it ourselves, and we're also happy to listen to any feedback that you or anyone has for us!
The link you posted, at least for me, is not working.
Not working? :dizzy:
It's just our update site, which includes the release notes. Are you getting some kind of an error? Lately we've had some reports that some people can't connect because their browsers' security settings are a bit off, and our website does require TLS. Please let me know what you find!
0 -
Yeah, that one is on me. I just figured there was a typo in the link. I was using IE at the time and the newest version of TLS isn't enabled on default because... reasons?
Anyway, I appreciate the quick response. 1Password is definitely still in the running, simply because it's good software. It's up to compliance and the managers now. We'll just suggest they avoid that password generator right now :)
0 -
On behalf of Brenty, you're welcome.
I'm glad to hear. In the meantime, you might also want to check out our upcoming 1Password for Teams service that might be a better fit as well for your company in the future.
0 -
Appreciate the suggestion Mike, but I had taken a look at it and it didn't really fit our needs. This is all individual accounts because vendors have to delegate certain files to certain employees at our company. There is no overlap. Furthermore, the feeling now is that IT won't actually manage these password vaults, it will be individually managed with us just locking down any features they don't need. That could change, and we could look into 1Password for Teams and other various Identity Management systems.
0 -
Hi @njl4515,
Thank you, we appreciate knowing that.
While it won't fit your needs, this is something we're targeting for; inviting external sources as guests into vaults to share with the internal teams or individuals. There are group vaults and individual vaults, each vault can be individually adjusted with a fine-grain permission set for each teammate and/or guest. The vendor would use it the other way around in your case, your individual employees would be assigned as guests on the vendor's team account only assigned to specific vaults as guests, giving the vendor total control over the files and data. Each user can join more than one team.
0