More password generation options?

jhands
jhands
Community Member
edited June 2016 in 1Password 4 for Windows

The included password generator is alright, but I'd love to see more advanced options.
I still use KeePass for password generation sometimes due to the advanced customization.

Today I needed to generate a long password with 0-9 and had to use KeePass to do so.

Ps. Maybe I'm the minority, but I prefer to use 2048 character passwords whenever sites let me. =)


1Password Version: 2016.6.300d
Extension Version: Not Provided
OS Version: W10.14352
Sync Type: Not Provided

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited June 2016

    The included password generator is alright, but I'd love to see more advanced options.
    I still use KeePass for password generation sometimes due to the advanced customization.
    Today I needed to generate a long password with 0-9 and had to use KeePass to do so.

    @jhands: Thanks so much for the feedback on this! I know we've had similar requests from Mac users, and it's good to know that Windows folks care too! We're working toward better feature parity between platforms, and this could be a good opportunity.

    That said, I really don't think we want something that looks like that. Can you tell me more about the options you actually use regularly? If we expand 1Password's password generator options, we really want to stick to the ones people will use so we can keep the app clean and unintimidating.

    Ps. Maybe I'm the minority, but I prefer to use 2048 character passwords whenever sites let me. =)

    Sites that support this, unfortunately, are woefully rare. But here's hoping for a better tomorrow! :)

  • jhands
    jhands
    Community Member

    Maybe there could be an advanced tab? I get that most people would use the basic tab but I would think power users would be a decent amount of people who would take advantages of more advanced options.

    Blacklist is nice because some sites allow certain special characters but not others. For the same reason character sets are nice because it's faster than a blacklist and usually gets the job done without removing all special characters.

    Little thing but it bugs me: Why did you change from 64 character max to 50? 64 is a much better number...

    Also I think there should be a checkbox to use a random amount of numbers/special characters. Why would I want only 6 specials in a 50 character password? Sometimes I'd prefer more, or at least "random."

  • Hi @jhands,

    The problem is that each simple setting we add to the program, it becomes twice as complex to maintain, so we have to justify it. When we add a new setting, we have to consider why it is important to add this and see if there's a better and simpler solution for this.

    We have no intentions of using that kind of complex UI in your screenshot and Advanced view is something we want to avoid at all costs. Even though we do have it in some areas, we're redesigning them in the future versions of 1Password.

    Blacklist is nice because some sites allow certain special characters but not others.

    We do have some ideas on how to handle this differently but we are not at that point where we can share our plans publicly as we're not sure if it will work well enough.

    Why did you change from 64 character max to 50? 64 is a much better number...

    I'm not sure what you mean, we're still showing 64 character max or are you using 1Password 6 beta right now? The generator in the 1Password 6 beta is not implemented fully. It will be changed completely in a future update.

  • jhands
    jhands
    Community Member

    Sorry I should have put all these in the beta forums. Yeah 1P6....
    You make valid arguments in terms of complexity. I think maybe I just need to use KeePass when I need a more complex/customized password.

  • AGAlumB
    AGAlumB
    1Password Alumni

    I think having separate "advanced" options isn't such a bad idea. We'll also see if there are other possibilities that might provide a good user experience. Thanks so much for bringing this up! :)

  • konfuzed
    konfuzed
    Community Member
    edited August 2016

    I would throw my vote in for the advanced options. I love the ability to more easily remember some key stronger passwords via the word lists, but due to site or system policies need to be able to quickly generate ones with say certain number of the words with capital letters and things like tossing in a memorable number swap or symbols somewhere. I end up using https://xkpasswd.net/s/
    so often due to its generation control ability in the end. Would be nice to have a bit more in the 1password auto generation preferences even if it's NOT always controllable for all those flags in the mini-menu version.

  • Hi @konfuzed,

    One of the ideas we have throwing around is that we could host a database of known sites with password profiles (like what we're doing with Watchtower and compromised sites), so that when 1Password sees a known site, it can automatically set the rules for you.

    However, with NIST's recent guidelines suggesting the sites should not use complex rules like this since it doesn't help, hopefully the rest of the industry will comply with this as well.

  • konfuzed
    konfuzed
    Community Member

    Thanks @MikeT. I was glad too to see the new NIST guidelines, but the legacy sites will be around for a decade+ unfortunately, so we'll all be suffering for a while I fear and have to deal with that.

  • Yep, that's why the profiles make sense since these sites aren't likely to change for a long time and it may not take much to maintain it.

    Although, it does question the security of the said sites if they don't update often. Hopefully, we'll have something for you guys in a future update along with this idea.

This discussion has been closed.