change suggested password length

13»

Comments

  • kaitlynkaitlyn

    Team Member

    @billhorvath – Thanks for the feedback! Are you using Safari, by chance? We did actually add the ability to customize the suggested password in one of our extensions. The feature hasn't quite made it over to Safari yet, though.

  • Yup - I’m using Safari.

  • kaitlynkaitlyn

    Team Member

    @billhorvath – Good to know! Thanks again for sharing your thoughts with me. We do hope to bring this feature to Safari in the future. Stay tuned. :)

  • ychasseychasse
    edited July 13

    I just wanted to say how much I love 1password, coming from the Lastpass world.

    If I can make a recommendation please, please, please make the password configuration a global setting. I use Windows, Linux, iPhone, chrome, and firefox. It's driving me completely crazy that I have to reconfigure every time. To me finding this setting feels like a treasure hunt every single time, I can never remember where to find it. I feel it should be like on Lastpass right in the dropdown for quick action access and on your site to set the default setting.

    I am sorry if this sounds like a rant, but I have to admit, it's my number 1, 2, 3 pet peeves of 1password...

  • ag_yaronag_yaron

    Team Member

    Thanks for the feedback here @ychasse .
    We'll look into it :+1:

  • ThomasThomas Junior Member

    I also totally can't understand, why there's an app to make passwords more secure which then suggests 19 characters when easily 50 would be possible. Why not just reuse the last given parameters of the regular password generation (length, special chars, etc.) - and if the field length in HTML has a size limitation, just cut it off. I mean, that's super easy and would definitely improve security.

  • ag_yaronag_yaron

    Team Member

    Hey @Thomas ,
    If only all websites in the world followed one specific standard it would be as easy as you described it :)

    Unfortunately, they don't. Some websites have a maxlength attribute in the field's HTML code, and some perform the length check via Javascript after you send the form so 1Password can't get that information and will suggest the default settings you have in the generator.

    You can set your own recipe in the generator for 50 characters and make it default, but only the "Smart Passwords" option will try to read the password field's attributes and make an educated suggestion. Not only that, the Smart Passwords option also checks our internal database as well as external databases for websites with known unique requirements for changing passwords, and if it finds a match it will further adjust the suggested password to offer something that fits.

    This is all very amazing on paper but at the end of the day - there are trillions of websites out there and every one of them was designed without any certain standard in mind. Our default Smart Passwords recipe consists of 19 characters that include digits and symbols as this is the best middle ground we found that works on most websites by default (e.g. when the website does not state a maxlength or is not found in our special requirements databases).

    If we default to a 50 characters long passwords we will definitely fail in a lot more websites when changing passwords. The Smart Passwords recipe has been changing constantly over the past few years according to users feedback and amount of support requests we get about this very issue of suggested passwords not being accepted. Currently, 19 characters long works best for most users. This will keep changing as we receive more feedback and data on the matter, so thank you for sharing your thoughts and input here :)

  • ThomasThomas Junior Member

    @ag_yaron thanks a lot for the lengthly explaination. I am aware of the problems with websites and their behaviour. As you can never be sure if the browser or some weird JS cuts something off, my current workflow is like this (Mac native app with native browser plugin) - and you might understand why this causes me headaches (even though I love as a happily paying customer 1PW since years - except for your weird electron decision which is hopefully to be reverted):

    • Click on 1Password icon in browser toolbar
    • Click Generate Password (My default is 50 chars)
    • Copy password and paste it into the prima password entry field
    • If there's a "view cleartext password" option, click it and check whether the last chars are the same like the generated password.
    • If there's a second verification entry field, paste it there as well, remove the first character and reenter it manually to see whether passwords still match.
    • Click save and copy for the generated password, go to 1Password main application and click "Convert to login"
    • Copy paste the username I've used for the site to the webpage (and potentially rearrange the login URL to make sure it works with open and autofill)
    • Save the password on the main page, hope that it fulfills all site requirements (otherwise generate a new one in the login and paste again) - and ignore the "Save to 1password" prompt (as I did before).

    You see, if you really want as long as possible passwords, the whole procedere is really painful. A simple slider to adjust the length manually (and to do try and error) would be a real game changer, as I could use the built-in option then which generates automatically a login and tried to capture the login email address correctly.

    Hope that makes sense - and if you have any improvements for my process (maybe I've overlooked something), let me know.

  • ag_yaronag_yaron

    Team Member

    Hey @Thomas ,

    From your description it sounds like you're using the old 1Password Classic extension, in which case your workflow should look like this:

    1. Get to the "Change Password" page on the website.
    2. Autofill your current password, then click the extension's icon and select "Generate Password".
    3. Adjust the generator as you see fit and click on "Save & Copy", then paste the password into both "New Password" and "Confirm Password" field.
    4. Send the form and see if the website accepts the new password. If it does, 1Password should automatically pop up and ask if you'd like to update your existing login item with the new password - confirm and update it.

    All the extra checks and manual steps you're taking are not necessary unless you're extremely anxious about the website's ability to function properly, and even then we have built-in failsafes to prevent loss of access to your account, such as keeping both the old and new passwords in 1Password.

    If you'd like an improved and easier experience, I suggest you give the new 1Password in the browser a try: https://support.1password.com/getting-started-browser/

    With the new 1Password in the browser the process would look like this:

    1. Get to the website's "Change Password" page and autofill the current password with 1Password.
    2. Click the "New Password" field and 1Password will pop up in that field automatically, suggesting a new smart password or the default password recipe you set in the generator. Click on the suggested password.
    3. 1Password will autofill both the "New Password" and "Confirm new password" fields for you and will pop up the update prompt so you can update your existing login with this new password. Confirm and update it, then send the form on the page.

    Here's a video recording I made for you showing the ease of use of the new 1Password in the browser when generating and autofilling new passwords: https://recordit.co/XbVmEmrtqM

  • ThomasThomas Junior Member

    Thanks a lot. I still prefer the classic extension as I didn't like the usability of the new one, but I haven't given it a try for a while. So thanks for the help, I'll check it!

  • ThomasThomas Junior Member

    BTW, One problem I had that I'm using many different browsers at the same time (Safari, Chrome, FF, FF Dev), and I had to re-login into each browser after unlocking my screen. But I'll take a look whether this is resolved by now

  • ag_chantelleag_chantelle

    Team Member
    edited 5:44PM

    @Thomas

    That should, indeed, be resolved now. We introduced Shared Lock State for all your browsers when we released version 2.0 earlier this year. Let us know if you have any trouble, we'll be here to help.

  • ThomasThomas Junior Member

    @ag_chantelle @ag_yaron I indeed tried the new extension based on your recommendation, but it didn't work at all. While I have no problems in Safari, Chrome, Firefox and Firefox Dev Edition show a locked 1Password Symbol in the toolbar - but when I click on it, NOTHING happens. Newest browser versions + 1PW version. I've tried everything from restarting browser, 1password, rebooting computers - no luck. NO way to unlock. When I right click, go to settings > sign into an account > computer and click on I found my account details, the 1Password opens but nothing happens. What to do?

    FYI, the 1Password classic extension (app required) works still fine.

  • ag_chantelleag_chantelle

    Team Member

    @Thomas

    It might be useful for us to get a look at what's happening on your computer to determine why 1Password in the browser is not communicating with the app. I'd like to ask you to grab some logs and diagnostics from your machine:

    • A console log from either Chrome or Firefox will show connection attempts.
    • A diagnostics report from your Mac will help us confirm your setup and identify any underlying issues that may exist.

    Send the log/diagnostics to us at [email protected] with a link to our current discussion. We'll have a look and let you know what we find.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file