Need to restrict special characters in password generator to match site requirements
I often have the problem where a site requires passwords with at least one number, and only a limited set of special characters. For instance, today a site stated:
Please use 6 to 20 letters, numbers, and/or special characters. Letters are case-sensitive.
YOU MAY NOT USE:
• " # & * < > [ ] ` { }
If I use the password generator with special characters, more often than not it uses some of these forbidden characters. If I use the password generator in word-only mode, then it doesn't give me any numbers. So I end up having to generate the password manually.
Please advise on how I can generate a password with numbers and with a limited set of special characters. Thank you.
1Password Version: 6.3.3
Extension Version: Not Provided
OS Version: OS X El Capitan
Sync Type: WLAN
Comments
-
Hi @zfadade
Thank you for letting us know what you'd like to see in 1Password. Every site has a different set of rules and things they allow or demand from passwords. Sadly, this only makes passwords less secure instead of more as the end result is supposed to be. When I find sites with this kind of rules I usually generate a "words" password and then manually add one number here or there. I use "." or "-" as separation so it gets the symbol right (this part is already built in) and have one extra letter somewhere in upper case. This is a bit annoying, but better than not having random passwords at all! Anyway, I'm aware that this is a workaround and the best solution for all of us would be to get sites to stop these gimmicks. We'll for sure consider your suggestion to add more controls to our password generator so you can exclude/include the specifics that sites ask for you :chuffed:
0 -
I have switched over to using "words" passwords instead of random letters, as they are much easier to type when forced to enter them on another machine that doesn't have my 1Password installed. However, I'm also facing websites that require a capital letter + number. Would be great to have "generate words" options that (1) makes the words capitalized instead of all lowercase, and (2) adds numbers for me (probably just by appending a single digit at the end, though I guess the option could be any number of digits appended.
0 -
Thank you for your feedback, @aisaksen! The 'Words' option in the password generator was added mostly to help create strong passwords that are also easier to memorize and/or type in situations where you need to enter one manually. Therefore it only uses lowercase letters (as well as a separator between words). An option to include capital letters and numbers would make those passwords more difficult to memorize or type, but I can see how that would be helpful in certain situations, so perhaps we'll consider something like that.
For now, the 'Characters' option in the password generator is ideal for creating passwords that include capital letters, numbers, and/or symbols. But if you want to use the 'Words' option because you need to manually type it on a device that doesn't have 1Password, keep in mind that you can edit a password in the generator - so although it doesn't do so automatically, you can easily add a capital letter and/or number before saving it. I know it's not the same as having a setting to do that for you, but I wanted to mention it in case it helps.
Thanks again, and if you need anything else, just let us know! :)
0 -
Thanks for writing back so quick. yeah, i do the manual edit thing right now for the 10% of website that require more than letters+symbols.
0 -
You're very welcome! Glad to hear you already knew about being able to edit the generated password. :) :+1:
0 -
I have a suggestion for improving the usefulness of Password Generator. Right now, a user has a choice between generating unintelligible random guck, like "NgyZ]2kv474GY8rAEV}a8", or generating a diceware-style password of words, like "income-judaic-diapason". The problem with both of these methods is that many (!!) websites have password requirements that are impossible to satisfy either way, and thus require generating a password, then hand-editing the password to satisfy the website. This doesn't completely undermine the value of the password generator, but it certainly reduces the "joy" factor substantially.
Specifically, many websites have requirements like this (as one contrived example): "Password must be between 8 and 32 characters long, have at least 1 lower case letter, at least 1 uppercase letter and at least one number, and may have any number of the following special characters: ~%#-_".
The problem with 1P's random "characters" password is that the set of special characters 1P allows is often substantially larger than the set of special characters acceptable to the website, so generated passwords are very likely to have special characters that are non-compliant. So, I have to generate passwords repeatedly until by chance, one pops up that doesn't have any violations in it, or I have to hand-edit the generated password to remove or replace offending special character(s), which probably reduces the entropy of the generated password a tad. For this case, it would be nice to have some way to limit 1P's set of special characters to be compliant beforehand.
The problem with 1P's "word" style password is more obvious. Given the same requirements from the website, no password 1P generates will ever satisfy the requirements. I must manually edit any generated password to up-case some letters, and insert some numbers. An easy way 1P could address this would be to add options to capitalize each word, and to insert a random number somewhere, so that instead of "income-judaic-diapason", we might get "Income-Judaic-482-Diapason", which is provably just as random as the original password, but now more compliant with finicky websites. It's also just as memorizable.
My apologies if I filed this topic in the wrong category -- that's likely, as I wasn't really sure where to put it...
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided0 -
Hi @chris068,
Thank you for taking the time to send us your feedback & suggestions for the password generator! I hope you don't mind, but I've merged your post with another forum thread about the same topic.
I can definitely see how an option to limit which symbols are used would be helpful for some sites. We can certainly consider adding additional settings to the password generator in the future, although there are so many sites that have so many different password requirements, it would be very difficult to support all of them without adding so many generator options that it would become a confusing mess.
But aside from that, as Pilar mentioned above, the restrictions that many sites have on passwords only serves to make those passwords less secure. We don't really want to encourage that behavior by adding settings to match the restrictions - it would be much better if websites stopped imposing those limits. However, until that happens, we don't want to make it difficult for you to generate a password that works with a certain site, either! So perhaps we'll be able to add some more options to help with that in a future version.
For now, as you already know, you can manually edit passwords in the generator if necessary. That's not ideal of course, and maybe we'll be able to make that process easier at some point.
Thanks again for sharing your thoughts about this, we truly appreciate it! If you need anything else, don't hesitate to let us know. Cheers! :)
0 -
Thanks for the fast response. I see your points. I also see that others have asked for similar features. And I see that one of your own (Pilar) uses the same strategy that I do for word-passwords (capitalizing and adding a number manually). I don't agree that capitalizing the first letter of each word in a diceware-style password makes it harder to remember at all -- it's a very predictable and simple pattern, and is trivial to remember. And it obviously does not weaken password strength in any way.
0 -
Thanks for the additional feedback! Although I can't promise if/when we'll add those extra options to the password generator, it's helpful to hear what features would be helpful for our customers, as our developers take that into account when deciding what improvements to make in future versions.
We're here for you if you need anything else! :)
0 -
I just wanted to post in support of an option like this! I love using the words option in the password generator, especially if I'm going to have to manually enter the password somewhere later. I've often been running into the problem described above, where the password requires 1 symbol, or 1 number, etc. Having these options built into the "words" generator would be great!
0 -
I run into that on occasion myself. For now, it's pretty easy to generate an extra long password and delete any banned characters. Thanks for letting us know you'd like additional options in the password generator though!
0 -
These user comments exactly mirror my thoughts with respect to wanting a better option for the high number of sites that require combinations of numbers and caps. When traveling I often need to type in a password and chris068 summarized everything I find frustrating. I love 1Password and the ability to generate words, but having to switch to an app that allows text editing when creating a new password is unusually cumbersome. Fixing this feature — even just to ease manual editing within the app — would be a huge improvement to your typically excellent user friendliness. Thanks in advance for considering a change.
0 -
Being the administrator of a web site, where I often need to create accounts with an initial password (that most users won't change), I like to create a strong password. And here also, the hosting company has put some stupid restrictions on the passwords that can be used.
Of course, 1Password cannot implement all the combinations that are possible. The way I would like it to be is through the creation of profiles. In a profile, I could specify how many characters I want, if I want digits, and which special characters are allowed. I could then create a profile for each specific website that has such limitations, and quickly chose a profile when generating a password.
I understand however that it is not something easy to implement, as profiles would also have to be synchronised across the various platforms...0 -
Hi @dorits,
Thank you very much for your feedback about the password generator!
...wanting a better option for the high number of sites that require combinations of numbers and caps.
The 'Characters' option in the password generator automatically includes capital letters and gives you the choice of how many numbers to use, so that's generally the better option for sites that require capital letters and numbers in the password. But if I understand your message, it sounds like you sometimes need to type those passwords manually? In that case, I can see how having those settings in the 'Words' option in the password generator would help.
...having to switch to an app that allows text editing when creating a new password is unusually cumbersome.
Perhaps I misunderstood what you mean, but you don't need to switch to another app to edit your generated password. When using the password generator, you can edit the generated password before copying/filling it somewhere else.
Fixing this feature — even just to ease manual editing within the app — would be a huge improvement to your typically excellent user friendliness.
Can you please elaborate on the difficulty you have when trying to edit the generated password? You should be able to simply click somewhere in the generated password field and make the edits you want.
Thanks! :)
0 -
Hi @pjollain,
The idea of having profiles for the password generator is interesting! :) I don't know if that's something our developers have considered or not, but as you said, it's a feature that's probably more difficult to implement than it sounds. We also wouldn't want to make the password generator overly complicated - the password generator is a great feature, but not the main focus of 1Password, and I wonder if a more advanced feature like 'profiles' might be better suited for a dedicated password-generating app. I'm just thinking "out loud" though, and it's certainly an idea I can pass along to our developers.
Thanks again for your feedback about that! :)
0 -
Thanks for following up, Drew. You're correct that I sometimes need to type passwords manually. Examples are when using a hotel's business computer or on public WiFi where I don't want to open 1Password, exposing my master password and all contents to anyone on the network. In those cases, I prefer to check my iPhone app on cellular just to get a single password as needed for the hotel computer or my WiFi-only iPad. In those cases, it's much easier to be able to enter a password that had been "Words"-generated, even if it includes capitals, numbers and symbols. Typing random characters is much harder.
On the desktop it's easy to edit "Words." In the iMac version I can click anywhere within the generated password to make changes — e.g. I might take the generated "asthma.rasp.occult" and alter it to "asthma3#RASPoccult" — which would be easy to type on a phone or iPad later on when necessary.
However, on my Apple mobile devices I cannot simply click somewhere in the generated password field and make the edits I want. In the mobile 1Password app the generated passwords display as a series of dots. If I click "Reveal Password" I can see the words underneath the dots, but the dots don't conform in length and position to the characters. To edit the password I must guess where to place my cursor within the dots.
In hopes that pictures are worth a thousand words, I have attached images to describe the problem.
Please let me know if I need to clarify further. Thanks!
0 -
@dorits: That's crystal clear! It may be that we can make it possible to tweak the settings a bit more or edit the password inline in the mobile app in the future. In the mean time, you can modify the generated password using the Notes field, since it's meant to allow some text manipulation. Thanks for the feedback on this!
0 -
Feature Enhancement Request -
As noted by many users above, their is a real need to limit the Special Characters for a specific website to be compliant. Please add a checkable field associated with Special Characters that opens up box to select the Special Characters to be used with the Password Generator.
0 -
This is the most critical Feature Enhancement Request that would provide truly useful functionality to be operational in today's Password Generation environment. Please consider adding this into your next major release. Chad J.
0 -
While it probably won't be in the "next major release", it may be something we can add in a future version. Thanks for letting us know you'd find it useful to be able to choose specific special characters! :)
0
![[Deleted User]](https://w4.vanillicon.com/v2/452d44d7c381af4410d820ae0ad223c1.svg)
