Feature Request: Special characters allow list for password generation

Problem

Many websites allow or require special characters, but only from a defined subset. There is no consistency across websites on what this list is, but usually it is shared to the user.

1password allows generation of passwords with n number of special characters. The collection of special characters used is defined by 1password and can include special characters not allowed by the website.

Solution

Allow the user to define an allow list of special characters to be used in the password generator


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • ag_anaag_ana

    Team Member

    Hi @viet!

    Thank you for the feedback! My understanding is that this is something that we don't plan to do: we are trying to generate passwords that are as random as possible, and I was told that selecting specific items for the generated password gives you a lower password entropy.

    You can read more about this from our security team here, if you are curious :)

  • vietviet
    edited September 11

    I understand the reasoning and I agree with you the best password is one of highest entropy.

    But if the website’s password validation does not accept the password because it denies certain characters then the random generator is useless. For example, lets say one website only accepts special characters from the following list: %#^?. It won’t accept a password with the character $. If the password generator outputs a password with the disallowed character it won’t be accepted by the website because it fails their validation.

    The best approach to this situation is to generate the best random password with the allowed characters that pass the website validation. Is it the most secured password? No it is not. But it is the most secured password allowed and validated by the website.

    Not allowing this forces the user to manipulate the randomly generated password to remove denied characters, which reduces the effectiveness of the password.

    I understand the stance you are taking, but I think it is a very rigid one that is not practical to the (what I believe) actual goal and purpose of the random password generator feature: to generate the most secured password which is validated by the tool/website/et cetera.

  • ag_anaag_ana

    Team Member

    @viet:

    I can say that in the latest 1Password for Mac beta we are exploring using the password rules information provided by Apple to make this automatic, so you still have the randomness while still following the rules of the specific website ;)

    Unfortunately some websites still decide to put these rules in place instead of just allowing all characters, but with the new rules database at least things will be easier for us users :)

  • vietviet
    edited September 11

    I see. That is great to hear. Looking forward to seeing how well it addresses the case.

    Just from my personal viewpoint it is quite frustrating to generate a 64 character password string with x number of digits and y number of special characters, and then having to comb through the string to replace the denied special characters with one that is acceptable by the specific website.

  • ag_anaag_ana

    Team Member

    Understood, thank you for the feedback @viet :+1::)

  • Upvote this request for viet’s! I have this problem all of the time. Thanks!

  • ag_anaag_ana

    Team Member

    Thank you for the feedback as well @C_Welch :+1:

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file