Suggestions for Password Generator - Reopen closed discussion.
Referring to https://discussions.agilebits.com/discussion/65244/suggestion-for-1p-password-generator from 15 months ago.
I was on the www.NorwegianAirlines.com website. They do not allow any special characters.
Why can't you add the option to generate 2 random words with nothing between them? No separators should be an option but isn't. That would solve the Norwegian site requirements. (And their requirements are stupid). Example: zebrabasketball
I was also on a different website that wanted the following:
At least one upper case letter
At least one number.
At least one special character (but no more than 3)
1Password still cannot do this in the multiword password generator. Yet it would seem to be an easy fix.
Why can't you add three new checkboxes to the multi-word generator?
🔘 Use a minimum of UPPERCASE characters. (one or more of the words gets Capitalized)
🔘 Use a minimum of NUMBER characters (The last word gets some numbers appended)
🔘 Convert at least "S" to "$", "O" to "0", "l" to "!", "r" to "®", "f" to "ƒ", "C or c" to "©", "E or e" to "€", "T ot t" to "+".
The last option will make a virtually uncrackable password. Like this $teven.$co++.467
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
@FogCityNative - thanks for the suggestions. We are in the process of revisiting the password generator, but I don't have anything to share regarding it at the moment.
A few ideas -- I'm not sure what you mean by "no separators." Distinct, "real" words become a lot less distinct when there's nothing at all separating them. I don't know what Norwegian Airlines requirements are, but we do allow spaces, which is "no separators" in the sense that there are no symbols involved (such as dashes, periods, and a few others, which we also allow).
Replacing letters with specific symbols ($ for S, 0 for O, 7 for L, 3 for E, etc) affords almost no additional security in terms of password strength; the rules of "leetspeak" have been well-understood for years, not only to hackers but also to cracking password applications. This was written in 2010, nearly a decade ago, and such substitutions were already old then.
Our goal in redesigning the password generator is to make it more useful to 1Password users in a way that doesn't decrease security or provide merely "security theater" upgrades, and also doesn't festoon the password generator with too many user-selectable checkboxes. We're still working on getting that mix right, so stay tuned to release notes and join the beta if you'd like front-row access to new features. Thanks again for taking the time to share your ideas with us.
0 -
Thanks for the reply and bringing me up to date on the current state of the art in passwords.
I am pleased to hear you are working on an update to password generator. I will join the beta.
Sorry to say Norwegian does not accept spaces either. I would use the other generator that does non-sense letter number random passwords but they are too hard to memorize when I am on a public computer and need to use 1Password to look up my password. Three random words are easier to memorize for a minute than is 1qz5AM9.
They run a great inexpensive airline but their web site is awful. Doesn’t even work with Firefox Quantum Mac. Buttons labeled Continue . . . When the actual function is Send or Submit. Lots of other ugliness. I wrote them with screen shots. Many fixes are cosmetic so let’s see what they do.
0 -
@FogCityNative - we've actually got a page for developers with best practices that may be of help for you to link to, if you get any reply from them that seems to be genuinely interested in what you're saying. Many sites take a "we know what's best for our visitors" approach to security (and especially to suggestions that they could be doing a better job of it), but that tends to be more the case with banks and financial institutions than other sites. If you get someone who sounds interested, press your advantage. :)
BTW, I did not mean to give the impression that this was different in the beta currently, only that changes will appear there first, so if you're keen to live out on the bleeding edge with us, that's your best recourse.
0 -
I just wanted to note that a series of settings in the password generator app that could ensure that the passwords generated conformed to requirements for special characters, length ranges (more than 8 but less than 20 characters), upper and lower case letters, numbers, etc. would be very helpful for me. The words password generator is great, but it frequently outputs passwords that are not usable for many, if not most, websites.
0 -
Welcome to the forum, @Vermont! Thanks for the feedback. We're in the process of refining the Password Generator, so you may find what you're looking for in future releases. I'd caution that there are a near-infinite number of ways that sites can set up requirements for passwords on their login pages, so it may never be the case that what's user-configurable in 1Password's generator will be able to accommodate all potential permutations. For the moment -- and probably forever, at a handful of sites -- it may be easier to allow 1Password to generate a password, then alter it manually by adding whatever combination of symbols (these but not those, etc), numbers and anything else the site requires.
0
