Is there a way to generate passwords without non-consecutive repeating characters?
I know this issue has come up many times before, but I have something new to add to the discussion. Over two years ago, @jpgoldberg posted this comment:
Earlier versions of the 1Password Strong Password Generator did treat "Disallow repeating characters" as banning two instances of the same character anywhere within a password. However, no website or service ever put that kind of restriction on a password
While that was no doubt true when he wrote it, it's no longer true.
Here are the current password requirements for Chase Bank. Note number 8:
1. Must be 8-32 characters long
2. Must include at least two of the following elements:
3. At least one letter (upper or lowercase)
4. At least one number
5. At least one special character from the following: # $ % ' ^ , ( ) * + . : | = ? @ / ] [ _ ` { } \ ! ; - ~
6. Must be different than your previous five Passwords
7. Must not match your User ID
8. Must not include more than 2 identical characters (for example: 111 or aaa)
9. Must not include more than 2 consecutive characters (for example: 123 or abc)
10. Must not use the name of the financial institution (for example: JPM, MORGAN, CHASE)
11. Must not be a commonly used password (for example: password1)
I know that the examples shown in number 8 above shows identical characters that appear consecutively, but my bank confirmed that even non-consecutive repeats are not allowed, so a password mayn't contain strings like 1a1 or a123456789a.
Chase is both the largest US bank and the largest issuer of credit cards in the US. There's a good chance I'm not the only person who is a customer of both Chase and Agilebits.
Is there any way to generate a password that's compliant with Chase's requirements?
1Password Version: 6.3
Extension Version: 4.5.6
OS Version: 10.11.4
Sync Type: Not Provided
Referrer: forum-search:allow characters to repeat
Comments
-
Hi @stevenjklein ,
I just tested it out at chase.com, and the rule, written poorly, is referring to two identical characters in a row. I made a password with three e’s in it and they took it just fine. So
a1859$dkysa
which contains two a’s, for example, should be accepted.Cheers,
Kevin0 -
Thanks, @ag_kevin. When I couldn't get it to accept any generated password, I called Chase tech support, and was told (apparently incorrectly) that no letter could appear twice, even non-consecutively.
(I'm no expert on password security, but I know that such a rule is stupid, as it significantly reduces the potential password entropy.)
In any event, I just tried again (using the same password they rejected last time), and it worked. My guess is that there was a temporary glitch with their password change tool.
0 -
Hi @stevenjklein,
I’m glad you were able to generate a password that fit - that seems like a rather long list of requirements!
I'm no expert on password security, but I know that such a rule is stupid, as it significantly reduces the potential password entropy.
I will certainly not claim to be an expert either, but I do know that you’re right: anything that reduces the randomness of a password potentially reduces its strength. In fact, it is our hope that password requirements will one day be a thing of the past and we’ll all be allowed to generate ridiculously long, random strings of gibberish with no restrictions to use for every site that we visit. :)
0