No more symbols slider

Wondercow
Wondercow
Community Member

While creating a new password today I found that the sliders for the amount of digits and symbols are gone. Is this a purposeful design choice or a glitch? If purposeful, why? In every password I generated I didn’t have much variety in symbols, nor did I get a good amount (this also applies to digits).


1Password Version: 7.7
Extension Version: Not Provided
OS Version: iOS 14.1
Sync Type: Not Provided
Referrer: forum-search:Symbols

Comments

  • Hi @Wondercow.

    We're using Apple's repository of resources for password managers now which informs password managers about password requirements of various sites. This means it will be possible in significantly more cases to generate a compatible password out of the box, without having to adjust the password manually. Adjusting manually is generally considered to be a bad thing in terms of entropy (randomness), which is one of the primary factors that makes passwords strong. In short, yes, it is purposeful. :) If you find sites where we're generating incompatible passwords, please let us know. I hope that helps!

    Ben

  • Wondercow
    Wondercow
    Community Member

    Thank you, but that doesn’t fully address the problem. Without the sliders to say how many digits or symbols should be included 1Password is now offering me 32-character passwords with one symbol and two digits. Sometimes I get as many as four symbols. In addition, in my brief testing on one site (nintendo.com), 1Password only ever offered me the following symbols: _ * . ! @ - If I manually enter them, I can use everything on the standard iOS English keyboard except €, £, ¥, and · as you can see in these screenshots:

  • Thanks @Wondercow. We'll have to take a look at what Apple's repo has set for nintendo.com's requirements vs what they actually currently allow.

    Ben

  • Wondercow
    Wondercow
    Community Member

    Thanks Ben, but, again, that doesn’t address the now missing ability to control how many digits and symbols are included in a randomly-generated password. Why was that removed?

  • Correct; that's intentionally gone. Our security team weighed the advantages vs disadvantages and felt this was a better approach, as you're not manually manipulating the outcome (which decreases randomness).

    Ben

  • Wondercow
    Wondercow
    Community Member

    But it wasn’t manual! The software decided what to include and where. Now it’s manual as anyone who wants a good distribution of digits and symbols will have to change it manually. This is especially true for any websites that Apple has outdated information for and isn’t updated in a timely manner. Perhaps the options should be there for the user to choose which method they’d like.

  • @Wondercow,

    Our Chief Defender Against the Dark Arts, Jeff Goldberg, outlined the rationale for the current approach here:

    https://1password.community/discussion/comment/508219#Comment_508219

    I'm not aware of plans to make further changes to the options at this time, however I'll be happy to record your input for further consideration.

    Ben

This discussion has been closed.