change suggested password length

2»

Comments

  • Matthew_1PMatthew_1P

    Team Member

    @uncaught: As kaitlyn mentioned, we're going for entropy (which is what makes a password strong) rather than length with these suggested passwords. That way, suggested passwords can be accepted on a wider range of websites whilst still being a strong password. The password generator works slightly differently as you can set the password recipe to match the requirements of the website you're on, which is why the default length for it is different. Thanks for sharing your thoughts on this! :smile::+1:

  • Chiming in here as I saw 1Password X 1.19.0 just increased the length of the suggested password :+1:

    I think I understand what you mean with that the suggested password and the password generator serve two different purposes. For my usage it would be great though if they would be more in sync. I use the generator for some very custom rules or situations now and then, but I always put it back to 'random password' and a good amount of length as my default preference of length for new passwords.

    I would love if the suggested password follows the changes I make to the generator (at least for when set to 'random password'). Or, maybe a setting in the addon page (where I can also change the idle timeout) to adjust the default length of the suggested password. Either one would help me in my flow.

    Thanks!

  • PeHansSePeHansSe
    edited April 28

    Just coming from one of your competitors and this is very painful. It's takes too much time to always navigate to the pw generator instead of just using the suggested password. Why can't the suggested password feature just use the settings from the password generator? That would help alot.

  • kaitlynkaitlyn

    Team Member

    Thanks so much for sharing your input here, @lode and @PeHansSe! I'll pass both of your feedback along. We're always looking for ways to improve the 1Password experience, and I appreciate you helping us in doing that. :)

    @PeHansSe – To answer your question a little better, here's a post from a while back that you can refer to. The same thing still applies today, but like I mentioned, we're always looking for feedback on how we can improve. I've passed yours along!

    ref: dev/core/core#352

  • I would suggest making the 'Use Suggested Password' tooltip functionally the same as the Password Generator in the plugin menu.
    Besides that, use the kind of passwords the 'Use Suggested Password' tooltip currently generates as a password 'type' in the Password Generator (and the 1Password native app as well). Because it generates passwords I really like, readable but with numbers and symbols (e.g., guld9TOCT7pull-bont). It's currently not possible to create this type of passwords anywhere else in the 1Password suite.

  • kaitlynkaitlyn

    Team Member

    Thanks for that feedback, @Boris_Online! I've passed both of your points along to the rest of the team. :)

    ref: dev/projects/customer-feature-requests#165
    ref: dev/core/core#352

  • Hi @kaitlyn,

    Definitely agree with Boris above. Have the suggested password generator use the same settings as we have set in the main program. It's a must!

    I have only just started using 1Password in earnest. I'm going through hundreds of sites updating passwords, and even on some utility sites the "suggested password" from 1Password is sometimes simply too long. While they're technically sound they are over the top.

    Rather than the nuisance of going to the main program users will end up ignoring the suggestion and typing their own new password which will likely be weaker than a good 12 char random generated password.

  • ag_anaag_ana

    Team Member

    Thank you for sharing your thoughts about this with us @gembrain :+1::)

  • I thought in the previous version that the inline password pop-up did have the ability to make modifications to the password generator. Perhaps I mis-remember, but that ship seems to have sailed regardless with version 7.

    I would like to add 1 vote for being able to access the password generator from the inline pop-up (maybe by simply being able to open the larger plug-in from the pop-up), and 1 vote for being able to qualify the list of special characters. I was stuck in a loop on a portal yesterday set up by an advisor that required special characters, but a relatively narrow list. I've seen that on other sites, too.

    It's not that hard to just let my fingers type some random sequence and include one of the small set of special characters, but it would be appropriate for 1P to help me.

  • kaitlynkaitlyn

    Team Member
    edited May 27

    Thanks for the feedback, @tempeCarlson! 1Password X has never had the ability to change the suggested password. You may have used the desktop-dependent 1Password extension previously, which is the other extension we offer, but that extension doesn't have inline suggested passwords at all.

    I do want to make sure you're aware of the full-featured password generator in the 1Password X pop-up. That's where you can customize a generated password recipe to comply with the restrictions of the specific site you're visiting. To get there, click the 1Password icon in your browser, then press Command-G/Control+G. If keyboard shortcuts aren't your thing, you can click the + button, then click Password Generator.

    ref: dev/core/core#352

  • @kaitlyn, my apologies! I came to 1P through version 6 on my Mac, and recently converted to X and the latest desktop app. So my previous experience covers the Chrome plug-in to version 6.

    That said, your directions to get to the password generator in the latest version are spot on. I was aware of accessing the password generator from the + button; ctl-g gets me there faster.

    I don't see a place in there where I can chose which symbols I want included by the password generator. The advisor portal I was on wanted a symbol(s) but it was a really short list, things like period, comma, asterisk, dash and plus sign for example. It was grumpy with several iterations of symbols that 1P was offering symbols like ampersand and percent signs (again, just for illustration). I ended up in a loop where 1P was saving the new password, but the site was rejecting it because of the symbols the tool was choosing and losing the log-in credentials.

    It was tedious because I had to go back and get the original password from the 1P history for the site, re-enter that and let 1P try a new suggestion until it chose one the site liked. I should have just typed something in by hand, 1P would have remembered that, but I can get compulsive sometimes! Ordinarily, this isn't a problem but I have seen it on a couple of sites.

    Have a good day!

  • kaitlynkaitlyn

    Team Member

    @tempeCarlson – You're right in that you can't filter out exactly which symbols appear in a generated password. You can only tell the generator that you do or don't want symbols to be included. It'd be nice to have more granularity there without having too many options to the point where the UI feels cluttered. We'll continue to explore ways we can do both. For now, what you can do is leave symbols on and simply refresh the password until you've found one you can use. I actually ran into this issue when signing up for my new insurance company, and I was able to refresh the password until I found one with only periods, commas, etc. Another option is editing the password to remove any of the symbols that are restricted by the site you're visiting. If you click on the generated password in the full-featured password generator, you have the ability to edit it before autofilling. Yet another option would be to use a memorable password instead, which uses words separated by a separator of your choosing. That can help, but I've also run into length restrictions when I've done that (dang password restrictions!), so that's why I'm mentioning it last.

  • Hi all,

    Wow, this has been a dynamic thread! It's reassuring for me. I just joined and am already very stoked about the level of attendance to users' queries. The number & type of participating team members is quite respectable and the reply content continues to yield a depth of useful information. Thanks & kudos to you all, seems like you have great team! ^_^

    Cheers,
    Scott

  • ag_anaag_ana

    Team Member

    Thank you for the kind words @SscoootzZ! We do our best to help :)

  • +1

    One specific use case is painful to deal with that I regularly encounter. I like high entropy passwords, I really do. :) 20 characters, lots of numbers, punctuation, changed letter case. But there are instances where I'm using a computer to create an account for something I intend to use with a mobile device. But because entering those types of passwords is painful on mobile, my preferred password form is a few-words-together. But I can't change the suggested password format directly when creating a new account. So I end up having to use the external password generation function to create the password, then come back inside the webpage to paste it, ignoring the 'suggested password' that 1Password wanted me to use. Really really want the ability to change password format.

  • ag_anaag_ana

    Team Member

    Thank you for the feedback and the specific example @r3cgm, that was very useful :)

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file