Where is the pronounceable password generator gone :(

qas_its
Community Member

Not sure if I am being stupid but I cannot find the pronounceable password generator in the latest version. Any ideas?


1Password Version: 6.0.2
Extension Version: Not Provided
OS Version: OS X 10.11.3
Sync Type: none

Comments

  • nathanvf
    1Password Alumni

    Hi @qas_its,

    You need only select "Words" in the segmented control for "Words" and "Characters".

    Hope this helps.

  • qas_its
    Community Member

    Thanks for your reply.

    Sadly, this isn't the same as the old pronounceable password generator, which in my opinion created more secure short passwords.

  • nathanvf
    1Password Alumni
    edited February 2016

    Ah I understand @qas_its,

    Unfortunately that type of generator is not available any longer. Sorry about that. We consider Words a lot more functional as a pronounceable option for password generation.

    The old pronounceable methods were based on something that had been critiqued security-wise for some time.

    Sorry about that.

  • qas_its
    Community Member

    That is such a shame; it was my go-to feature when creating semi-secure temporary passwords for new users, and I found it tremendously useful and I haven't found anything to replace it.

  • nathanvf
    1Password Alumni

    Sorry about that @qas_its :(

  • MAH
    Community Member

    I agree with @qas_its. Can you help me understand how a password of dictionary attackable words separated by clear delimiters is deemed more secure than a password of non-dictionary attackable non-words? And while you may consider Words more functional, I consider it as an unacceptable replacement and therefore removing functionality. I would like to log another request to return the old pronounceable method. Just some customer feedback, FYI. Thanks.

  • Ben
    edited March 2016

    Hi folks,

    Our "Words" password generator is Diceware compatible. You can read more about Diceware here:

    Diceware - Wikipedia, the free encyclopedia

    It is unlikely that we'll have both Diceware and the old Pronounceable generators, as the interface starts to get cluttered. For the majority of folks the Diceware generator serves the same purpose with a higher level of security.

    Thanks for the feedback!

    Ben

  • assai_puppet_wean
    Community Member
    edited April 2016

    I just upgraded from 5.4 to 6.1 and I was shocked to see that this important feature was axed, apparently - judging from the official comments here - because of the weird reason "we don't think you need it".

    Here's the thing: the old Pronounceable feature was GREAT at creating unique and random USERNAMES. Whenever a site requires a public username (such as the Agilebits forum...), I used to generate an 8-10 letter pronounceable password and use it as a username.

    A randomly generated username, not recycled across websites, seems important for privacy.

    But alas, Agilebits removed it just because YOUR narrow idea of how people use existing features didn't match reality (at least not in my case).

    Very very disappointed. Also, I can't really see any major advantages to the new version over the old one, so the downsides with this "upgrade" outweigh the upside. Therefore, I wonder:

    Is there a way to downgrade to a lower version? I would rather have my old 5.4 back than 6.1 as the "random username" function is sorely missed. :(

    Until then I guess I'll have to avoid upgrading on my other Mac and use that as a username generator. >:(

  • assai_puppet_wean
    Community Member

    Unless.... you could add a separate "generate Username" function, but judging from bwoodruff's comment above you would apparently rather have an "uncluttered" interface than features that people request... :/

  • AGAlumB
    1Password Alumni

    > I just upgraded from 5.4 to 6.1 and I was shocked to see that this important feature was axed, apparently - judging from the official comments here - because of the weird reason "we don't think you need it".

    @assai_puppet_wean: That's not something anyone's said. Without going into too much detail (you can find that further down), the "pronounceable" passwords were demonstrably weaker. 1Password can make a stronger password by using the character generator, or a more human-friendly one using words. You can find the extensive existing discussion on this topic here (with a direct link to jpgoldberg's detailed explanation):

    Old "Pronounceable" vs New "Diceware" Passwords

    > Here's the thing: the old Pronounceable feature was GREAT at creating unique and random USERNAMES. Whenever a site requires a public username (such as the Agilebits forum...), I used to generate an 8-10 letter pronounceable password and use it as a username.
    > A randomly generated username, not recycled across websites, seems important for privacy.
    > But alas, Agilebits removed it just because YOUR narrow idea of how people use existing features didn't match reality (at least not in my case).

    It sounds like you're making some pretty big assumptions. The character generator is actually better at generating a random string...but doing so for a username isn't something that will increase your security anyway:

    > Usernames are typically not designed to be secret. They are treated differently by servers and systems than passwords are.

    Trying to keep something secret when it wasn't designed to be a secret and isn't treated as such is problematic. But if you're intent on having random usernames in addition to unguessable passwords, you'll get better entropy with the character generator than the old pronounceable one.

  • assai_puppet_wean
    Community Member
    edited April 2016

    You seem to have misread my post. I didn't say anything about the username being for security - I said it was for privacy. (Although... more privacy usually gives more security too, and lack of privacy opens up social engineering attack vectors).

    To clarify what I am talking about:
    This is a username: brenty

    Since you are operating in full openness, being an official member of staff, that's all fine and well as a username. For professional reasons you may need to use it on other sites as well. Fine.

    However, generally it is unwise to operate on a single username on the entire web. I shouldn't need to explain the dangers of identity theft, fingerprinting and similar problems. You really do want a unique username for each forum you operate on, unless your real-life identity needs to be tied to it (such as if you are in an official position such as yours).

    I call it username, or call it an alias or public name or whatever. That's what I am talking about. Quite a lot of sites require you to, upon signing up, specify such an alias. Or later, such as the Agilebits forum. As you can perhaps see, I did choose my Agilebits username (assai_puppet_wean) using the shortest possible three-word generator with the new 1password. It is still rather clumsy and a heck of a lot of characters, compared to one that I could have created using the old pronounceable generator. In addition, since it uses real words, it seems to imply meaning, which is just confusing. And it also bears a distinct hallmark (the three-word pattern) that if I use such a username, even if different, would stand out and indicate that they were created by the same person, which forfeits the whole point of using different usernames for different fora.

    A (public) username needs more randomness than that. Or apparent randomness rather. The old generator provided that. It was a pronounceable word that usually had no clear meaning, yet didn't usually stand out as characteristically as something in the style of "assai_puppet_wean" does.

    Using the random-character sequence on the other hand gives randomness all right, but it does not give me a usable forum handle. {174qnG18K=6 is not a useful username.

    > It sounds like you're making some pretty big assumptions. The character generator is actually better at generating a random string...but

    Yes, I am perhaps jumping to conclusions but your comment confirms that I do so rightly: I am talking about the old feature being useful for a specific use (creating pronounceable, random usernames). This is a different purpose than creating passwords for security. Granted, my use of this feature was non-standard and probably "unexpected" by you devs. But to me, it was an "emergent" feature, so to speak, that made 1password more useful to me than it is now that you axed it.

  • Hi @assai_puppet_wean,

    We can certainly appreciate your use of pronounceable for generating usernames, even if nonstandard. There are a few other use cases for pronounceable too. I do want to assure you that we are not finished with the password generator, and we will be making changes to it in the future. We can't say yet if pronounceable will come back in exactly the same form it used to be, but we do recognize the use cases and will be making adjustments. We did want to get the word list generator out and it did cause user confusion if just added alongside pronounceable, so we still have a bit of thinking and work to do about this.

    Thanks so much for taking the time to write in about your use case. It will certainly help a lot.

    Cheers,
    Kevin

  • assai_puppet_wean
    Community Member
    edited April 2016

    Thanks for this answer Kevin. Much appreciated. Looking forward to the feature hopefully/perhaps returning in some form in the future then :)

  • Drew_AG
    1Password Alumni

    :+1: :)

  • Drone1239872349
    Community Member

    Hi guys,

    I am also saddened by the change in the password generator.

    In most cases, I use the longest, weirdest string possible (also impossible to type in manually) and then either use 1Password login options or copy/paste the password.

    For those odd exceptions where this is not possible, I used to love the hyphen-separated sequences; they were great. Ex: A1-J4-K2-99-KX-QQ
    This was pretty simple, reasonably "typeable" and gave me a "reasonable" sense of security.

    I am very disappointed in your new password generator (introduced in Mac version 6 I think).
    Sadly, the "words" option is not practical for many websites with limited password length.

  • dnyc
    Community Member

    I don't know the world in which AgileBits developers live but I find the dictionary approach (three lowercase words separated by a common symbol) is simply incompatible with the password requirements for, at a minimum, a substantial minority of websites. This occurs because policies include:

    -- Length limitations
    -- Mixed case requirements
    -- Mixed alphanumeric requirements.

    As an example, Marriott.com requires:
    -- 8 to 20 characters
    -- Lower case letter
    -- Upper case letter
    -- Number or character $ ! # & @ ? % = _

    There are many times when autofill or copy and paste are simply not available and the auto-generated character passwords can be very unwieldy, especially on mobile devices. As an alternative to bringing back the pronounceable generator, perhaps you can add a "compatibility" toggle to the word generator that caps the maximum length (likely limiting it to two words) while adding mixed case, number substitution and use of a random separator.
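
Added example (not part of the original thread, and not 1Password's code): one way to read the "compatibility" idea in the post above, a two-word generator whose output passes the quoted Marriott.com rules, with its exact entropy computed. The word list, function names, capitalisation scheme and separator set are assumptions made for this illustration.

```python
import itertools
import math
import secrets
import string

# Policy as quoted in the post above (Marriott.com example).
POLICY_SYMBOLS = "$!#&@?%=_"
MIN_LEN, MAX_LEN = 8, 20
SEPARATORS = string.digits + POLICY_SYMBOLS  # covers "number or character"

# Constructed sample list (assumption); a real Diceware list has 7776 entries.
WORDS = ["assai", "puppet", "wean", "cobalt", "ferry", "lumen", "quartz", "tundra"]


def meets_policy(pw):
    """True if pw satisfies all four rules listed in the post."""
    return (MIN_LEN <= len(pw) <= MAX_LEN
            and any(c.islower() for c in pw)
            and any(c.isupper() for c in pw)
            and any(c.isdigit() or c in POLICY_SYMBOLS for c in pw))


def valid_tuples(words, n_words):
    """Ordered word tuples whose joined length (with separators) fits the policy."""
    return [t for t in itertools.product(words, repeat=n_words)
            if MIN_LEN <= sum(map(len, t)) + n_words - 1 <= MAX_LEN]


def generate(words=WORDS, n_words=2):
    """Pick uniformly among tuples that fit; needs n_words >= 2 for a separator."""
    chosen = secrets.choice(valid_tuples(words, n_words))
    out = chosen[0].capitalize()
    for word in chosen[1:]:
        out += secrets.choice(SEPARATORS) + word.capitalize()
    return out


def entropy_bits(words=WORDS, n_words=2):
    """log2 of the number of equally likely outputs of generate()."""
    return (math.log2(len(valid_tuples(words, n_words)))
            + (n_words - 1) * math.log2(len(SEPARATORS)))


def random_chars_bits(length, alphabet_size):
    """Entropy of a uniformly random string, for comparison."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(generate(), f"{entropy_bits():.1f} bits with the 8-word sample list")
    print(f"{2 * math.log2(7776) + math.log2(len(SEPARATORS)):.1f} bits at most with 7776 words")
    print(f"{random_chars_bits(12, 71):.1f} bits for 12 random characters from 71 symbols")
```

Capitalising every word adds no entropy because it is deterministic; the bits come only from the word choices and the separator, which is why a two-word output sits well below a 12-character random string even with a full-size list.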

  • Drew_AG
    1Password Alumni

    Hi @Drone1239872349 and @dnyc,

    Thank you both for taking the time to let us know why the pronounceable password generator was more helpful for you than the new word-list password generator in certain cases! We've heard from other customers with similar feedback, and I'll be happy to forward yours to our developers as well. I can't guarantee if/when we might bring that feature back to the password generator, but our developers would really like to do something about it, since the word-list style generator doesn't seem to be working well as a replacement for everyone.

    In case you're interested in reading more about why this was changed in the first place, jpgoldberg wrote an in-depth explanation in another forum discussion here: https://discussions.agilebits.com/discussion/comment/276861/#Comment_276861 (There's a lot of other good information in that thread as well.)

    Thanks again, and please let us know if you need anything else. Cheers! :)

This discussion has been closed.