Password Generator Suggestion

Options
boberonicus
boberonicus
Community Member
in 1Password in the Browser

Apologies if this is in the wrong forum.

I love the password generator, especially the ability to tailor the length. But it's a bit cumbersome to manage the manually tailored generated password. On Southwest.com, I found that I had to copy it from the generator, save it in 1password, paste it into southwest, etc. It took three attempts and resets for me to get it right. This could be a function of my inexperience.

Also, I had a generated password rejected today for having "efg" in it, which are three letters in a row. Presumably "456" would have also been rejected. Might be something to check for.

You might also consider adding check boxes for other dumb requirements, such as "only these 8 symbols". Although arguably the "words" tab would address that. Hoping that if I generate enough "words" passwords I'll eventually get "correct-horse-battery-staple"

1Password Version: 7.2.1 (70201002)
Extension Version: 1.10.3
OS Version: OSX 10.13.6
Sync Type: Not Provided

Comments

  • littlebobbytables
    littlebobbytables
    1Password Alumni
    Options

    Hi @boberonicus,

    It kind of sounds as if you're saying manually adjusting a generated password from inside the Password Generator alters the change password workflow but it shouldn't. You should find that whether you use a generated password as is or if you adjust it to copy with weird requirements that the rest of the steps detailed at Change your passwords and make them stronger still apply.

    The Password Generator is not perfect, I would certainly agree with that but quite what the right approach is contentious even within our own ranks. One thing we have to be very careful about is if too many options could lead to people artificially limiting their passwords and actually weakening their own security. History is scattered with examples of this in the area of security so it is a real risk. Sadly most of the limitations imposed by sites do weaken password strength. Any requirement that limits in some way, even the there must be a symbol one reduces the search space and the mathematics tells us this has a negative overall impact. Still, I can't believe there isn't a better implementation for a Password Generator that we could use that allows the user control without unintentionally damaging its effectiveness through misuse. What that is though I'm not sure.

This discussion has been closed.