Is there a way to generate passwords without non-consecutive repeating characters?

stevenjklein
stevenjklein
Community Member
in Mac

I know this issue has come up many times before, but I have something new to add to the discussion. Over two years ago, @jpgoldberg posted this comment:

Earlier versions of the 1Password Strong Password Generator did treat "Disallow repeating characters" as banning two instances of the same character anywhere within a password. However, no website or service ever put that kind of restriction on a password

While that was no doubt true when he wrote it, it's no longer true.

Here are the current password requirements for Chase Bank. Note number 8:
1. Must be 8-32 characters long
2. Must include at least two of the following elements:
3. At least one letter (upper or lowercase)
4. At least one number
5. At least one special character from the following: # $ % ' ^ , ( ) * + . : | = ? @ / ] [ _ ` { } \ ! ; - ~
6. Must be different than your previous five Passwords
7. Must not match your User ID
8. Must not include more than 2 identical characters (for example: 111 or aaa)
9. Must not include more than 2 consecutive characters (for example: 123 or abc)
10. Must not use the name of the financial institution (for example: JPM, MORGAN, CHASE)
11. Must not be a commonly used password (for example: password1)

I know that the examples shown in number 8 above shows identical characters that appear consecutively, but my bank confirmed that even non-consecutive repeats are not allowed, so a password mayn't contain strings like 1a1 or a123456789a.

Chase is both the largest US bank and the largest issuer of credit cards in the US. There's a good chance I'm not the only person who is a customer of both Chase and Agilebits.

Is there any way to generate a password that's compliant with Chase's requirements?

1Password Version: 6.3
Extension Version: 4.5.6
OS Version: 10.11.4
Sync Type: Not Provided
Referrer: forum-search:allow characters to repeat

Comments

  • ag_kevin
    ag_kevin

    Hi @stevenjklein ,

    I just tested it out at chase.com, and the rule, written poorly, is referring to two identical characters in a row. I made a password with three e’s in it and they took it just fine. So a1859$dkysa which contains two a’s, for example, should be accepted.

    Cheers,
    Kevin

  • stevenjklein
    stevenjklein
    Community Member

    Thanks, @ag_kevin. When I couldn't get it to accept any generated password, I called Chase tech support, and was told (apparently incorrectly) that no letter could appear twice, even non-consecutively.

    (I'm no expert on password security, but I know that such a rule is stupid, as it significantly reduces the potential password entropy.)

    In any event, I just tried again (using the same password they rejected last time), and it worked. My guess is that there was a temporary glitch with their password change tool.

  • Megan
    Megan
    1Password Alumni

    Hi @stevenjklein,

    I’m glad you were able to generate a password that fit - that seems like a rather long list of requirements!

    I'm no expert on password security, but I know that such a rule is stupid, as it significantly reduces the potential password entropy.

    I will certainly not claim to be an expert either, but I do know that you’re right: anything that reduces the randomness of a password potentially reduces its strength. In fact, it is our hope that password requirements will one day be a thing of the past and we’ll all be allowed to generate ridiculously long, random strings of gibberish with no restrictions to use for every site that we visit. :)

This discussion has been closed.