define special characters and other settings for new passwords

When making new passwords many sites are disallowing specific special characters. How can I define at the time of generating a new password what criteria to use for the recommended new password?

I just moved over from Lastpass and I had full control of the password requirements when generating a new password. I have had a VERY hard time creating new passwords for sites using 1Password.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided


  • ag_anaag_ana

    Team Member

    Hi @yesitsme! Welcome to the forum!

    Currently there is no way to choose what type of characters to insert in your password, you can only choose whether you want symbols/numbers or not, but you cannot choose disallowed characters.

    If some websites disallow certain characters, you can manually remove them from the password after it has been generated. When 1Password prompts you to save this login afterwards, it will automatically save the updated password :)

  • I hope the feature will be added. If I have a 54 character password it is quite involved to manually change the password. It would be really nice to also be able to select to include some capitalisation and numbers when choosing multi-word password generation.

  • ag_yaronag_yaron

    Team Member

    Hey @misconstrue ,
    1Password X might answer your needs here, if you have a membership account with us feel free to take it for a spin:

    The passwords generator is accessible by opening 1Password X in your browser and clicking the big "PLUS" button, then selecting the "Password Generator" from the menu. It has some features there that you might find useful.

  • Yep, being able to select symbol sets would be very useful. I do the manual thing myself.

    IMO, the onus is really on the websites. There is no good reason to disallow any of the 1Password generated symbols in passwords. There are no circumstances could the use of such characters result in a server side compromise unless the server is manipulating the password string directly and passing it on unescaped and unencoded across routines, which would be ridiculous, not to mention insecure.

  • ag_yaronag_yaron

    Team Member

    @BH1P You are absolutely right. The websites shouldn't care less what the string that is used as a password contains, unless it is not strong enough. They should hash it and store it and get it done with :)

This discussion has been closed.