Enhancement Rqst: Separator for Character PWs
A separator is provided for the Word PW but is absent from the standard formula. Provisioning a delineator for standard PWs (a hyphen, period, underscore, etc.) would be helpful in splitting lengthy PWs into readable blocks for the times they must be read and entered by hand.
Comments
-
@RJC_CA: That would reduce the strength of character-based passwords, having predictable separators, but it's possible we'll add something similar to that in the future if we can find a good way to generate strong passwords like that. But really it would be best to use a word-based password since those are not only easier to read and type, but also very strong, since they're being generated from a database of over 18000 words. Cheers! :)
0 -
Thanks for replying. I want to make sure I’m comprehending correctly... is a 15 character PW less secure when broken into separated blocks of 5 chars (total 17 chars)? From a solving perspective the consequence of predictability seems logical if that's what you're saying.
Thx
RJ
0 -
@RJC_CA: Automated guessing of three five-character strings separated by two fairly predictable characters would be easier than 17 characters that are all completely unrelated and random. But my main concern is that you're also getting very little benefit with regard to separators when the other characters are still not easy to remember or type -- sort of the worst of both worlds. Even a three-word random Wordlist password takes more than half a year to guess when there is a cash prize involved, so that's sufficient for many uses. And since using a four-word random password pushes brute force attacks into infeasibility and is much easier to remember and type (like my own Master Password), it seems like that would be a better option. Even words we've never heard of before are manageable in a way that characters alone are not. Let me know what you think, or if there's a specific use case you have in mind that changes the equation, so to speak. :)
0 -
Hi @RJC_C,
I'm not entirely sure what you are asking for. Are you asking to take a generated password like
byuz+qEMnx468r}hC9qz
and make it
byuz+-qEMnx-468r}-hC9qz
?
If your goal is to make them simply more legible, then the trick would be not to add anything to the password itself, but to make the large type viewer more chunky. Here is what it looks like now
But without knowing what is in there, it isn't clear where separators would go. This would be an even bigger problem for human created passwords that might have meaningful units which the display wouldn't be aware of.
So mostly what I'm going to recommend is that for those passwords that you need to speak or transcribe, the wordlist based passwords make the most sense.
0
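The comparison discussed in this thread, as an added example (not part of any post and not the password manager's own code): it computes the guessing cost in bits for each scheme and shows grouping for display only, which leaves the stored password unchanged. It assumes every character or word is drawn uniformly at random, that the attacker knows the scheme, and a 94-symbol printable ASCII alphabet (an assumption; the 18000-word list size is from the thread).

```python
import math
import secrets
import string

# Assumption: 94 printable ASCII symbols; the thread does not state the generator's alphabet.
ALPHABET = string.ascii_letters + string.digits + string.punctuation
WORDLIST_SIZE = 18000  # word count quoted in the thread


def bits(choices: int, picks: int) -> float:
    """Entropy in bits of `picks` independent uniform draws from `choices` options."""
    return picks * math.log2(choices)


def compare() -> dict:
    """Guessing cost per scheme, for an attacker who knows the scheme."""
    n = len(ALPHABET)
    return {
        "15 random chars": bits(n, 15),
        # Separators at fixed positions are known to the attacker: they add
        # length but no entropy.
        "15 chars + 2 fixed separators": bits(n, 15) + bits(1, 2),
        "17 random chars": bits(n, 17),
        "3 random words": bits(WORDLIST_SIZE, 3),
        "4 random words": bits(WORDLIST_SIZE, 4),
    }


def generate(length: int = 15) -> str:
    """Character password drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def chunk_for_display(password: str, size: int = 5) -> str:
    """Group characters for reading or transcribing; the stored secret is unchanged.
    A space is used because it is not in ALPHABET, so the grouping is unambiguous."""
    return " ".join(password[i:i + size] for i in range(0, len(password), size))


if __name__ == "__main__":
    for scheme, b in compare().items():
        print(f"{scheme:32s} {b:6.1f} bits")
    print(chunk_for_display(generate()))
```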