password generator in 7.3

13»

Comments

  • brentybrenty

    Team Member

    @vr8ce: Yes, but you're not the only user. We've got to design 1Password so that it does the most good for the greatest number of people. As @hawkmoth rightly points out, we still have work to do. "Control" isn't in and of itself a good though. Randomness is the absence of control, and since the strongest passwords are random ones, in this case, less control makes sense for 1Password's core function. If all you want is control over password creation, you don't need an app for that. Anyone can make weaker passwords with their own brain.

    But to answer your question directly,

    Why is it we have to justify how we generate passwords?

    You absolutely don't have to justify anything to us. But -- let's be realistic -- by the same token, if you're not willing to have a dialogue with us to help us understand your specific use case, the chances of us making any tweaks to help are almost nonexistent. I think what Goldberg said is very reasonable:

    I would like to have a better understanding of why you want to be able to specify the exact number of digits and symbols instead of simply "must contain symbols and digits".

    If you have dietary restrictions due to medical issues or food allergies, it's generally a good idea to make sure that the people preparing your meal are aware of that beforehand. Likewise, if there are things like that or other considerations we need to take into account which we aren't at present, it would be beneficial to know them so they can be weighed against all the other considerations which need to be balanced.

  • I didn't say I was the only user. In fact, I didn't mention me at all. I said, "We're the users." Please don't mis-quote me.

    Your implication is that specifying the number of uppercase, or numbers, or special characters automatically means weaker passwords. That is nonsense.

    Yes, we do have to justify something. That's exactly what your "let's be realistic" sentence says — justify what you want, or we're not making any changes.

    Bad analogies don't do anything for your argument, either. Again, you're the one that made the change. An unnecessary change. A change that negatively impacted your users, who came here telling you so. If you want a food analogy, you're a restaurant who has changed a beloved recipe for no reason, and then demanded your customers justify why they liked the old recipe better.

    What usually happens in that case is the people start going to a different restaurant.

  • BenBen AWS Team

    Team Member

    Thanks for taking the time to share your point of view @vr8ce. We'd still like to hear about any specific cases:

    I would like to have a better understanding of why you want to be able to specify the exact number of digits and symbols instead of simply "must contain symbols and digits".

    Ben

  • My use case is I want to specify how many special characters and numbers are in my passwords. Just like I have for the past umpteen years.

    But that's not what you (collectively) want. You want us to prove to you that we need to be able to specify it. And I'm not doing that. You're the ones that screwed up the functionality, you're the ones that should be justifying the change. And you haven't, because you can't. There is no reason to remove that control from the users, regardless of what underlying changes you made to the algorithms.

  • OAWOAW Junior Member

    @vr8ce The functionality you seek still exists in the main app. I'm not sure if there are plans to switch it over to the simplified functionality that now exists in the mini or not. But for now you can access it there.

  • LarsLars Junior Member

    Team Member

    @vr8ce

    ...you're the ones that should be justifying the change.

    Respectfully, we've already laid out our reasoning for making the changes to the Password Generator in 1Password's mini in more than one previous post. If you have any questions about those reasons, we'd be happy to answer. Similarly, if you'd like to share with us your own reasoning, we'd be happy to listen. Beyond that, I'm not sure what else we can offer you.

    You want us to prove to you that we need to be able to specify it.

    Again, respectfully, to reiterate what brenty said earlier, we truly don't.

    What we most definitely are doing is asking those who would like to share their use-case and reasoning with us to please do so, so that we can understand what's motivating people and potentially gain a wider perspective on the issue -- or potentially even learn something we didn't previously know. Sharing your reasoning/use-case also may indeed result in changes - at least, it's more likely to if we understand why people want what they want, or how they use 1Password.

    But to be as clear with you as possible - doing so also may not (result in changes). Earlier you said something similar: that we're trying to force you and others to "...justify what you want, or we're not making any changes." I want to emphasize that one of the main reasons it's not the case that we're trying to force you (or anyone else) "to 'justify' themselves" isn't just because you're right that it's your business to share or not as you see fit, but also because it simply is not the case that if if you did choose to explain your use-case/reasoning/preferences to us, we'd make changes. That's just not how it works around here; our user base is now large enough at this point that nearly any change we make will result in delighting some users and enraging (or at least disappointing) others. Since there will be users themselves whose wishes are in 180° opposition to the wishes of other users, it has become literally impossible to make changes to 1Password just because someone articulates their reasoning/use-case. So we don't try, because that way lies frustration and aggravation for both us and you. Instead, we do what it may have been less clear in the past that we've always tried to do: take feedback (even criticism) into account and combine it with our own best judgment about the best way forward. We'd be the first to admit we don't always get it right the first time, and that we don't have every good idea in existence. But sharing with us your reasoning, use-case and preferences remains the most-likely way for changes of the sort you want to actually happen. To paraphrase what brenty and Ben have already said, if we don't understand what people want as well as why they want it, we're much less likely to make any changes.

  • jpgoldbergjpgoldberg Agile Customer Care

    Team Member
    edited June 11

    My use case is I want to specify how many special characters and numbers are in my passwords.

    I want to understand why that is valuable to you. You can chose to help me understand that or not.

    Just like I have for the past umpteen years.

    Here are some other changes we have made over the years:

    • We used to have a check box for "allow repeated characters". We removed that some years ago, when we found that fewer sites were banning passwords with repeated characters.
    • We used to have "<" among the default symbol sets, until we learned that some sites silently truncate passwords at that character.
    • We didn't used to have the word list generator. Now we do.

    We have always made changes. We try to be cautious when doing so. And if the changes cause problems, we like to understand why. You are under no obligation to help us better understand why this change causes problems for you, but I hope that you will.

  • Feels like I'm beating a dead horse here, but I'm going to chime in anyway.
    The random password generator (without needing to create a login) for Throw away passwords was/is invaluable to me.
    It was a huge quick and easy time saver. I work as a systems administrator and need to create one off passwords that I do not need recorded in 1password. Set it and forget it style stuff here. I like it to be complicated so that's why I relied on 1Passwords quick random generator. Now it's a huge pain to create a random password. Frankly the entire new Interface is off-putting and I'm seriously considering finding a new alternative to 1Password.

    I get wanting to end the confusion of customers possibly locking themselves out of a site because they created a one time password and didn't save it. That said, did no one think of the advanced users? Put it as a feature you can enable in the advanced tab and give us back our random generator... Doesn't seem like rocket science to me and clearly it's something people are upset about. I know I am.. :-/

  • BenBen AWS Team

    Team Member
    edited June 12

    @mrabinormal

    Now it's a huge pain to create a random password.

    What specifically are you finding difficult?

    I get wanting to end the confusion of customers possibly locking themselves out of a site because they created a one time password and didn't save it. That said, did no one think of the advanced users? Put it as a feature you can enable in the advanced tab and give us back our random generator... Doesn't seem like rocket science to me and clearly it's something people are upset about. I know I am.. :-/

    If you want to generate passwords without saving them that is possible here:

    Strong Password Generator | Best Password Strength

    (update: I'm being told this web-based generator should be considered "for demo purposes" and while ours is safe it is a good idea to avoid web-based generators in general, so please ignore this recommendation)

    For quite some time we've saved generated passwords within the 1Password for Mac application. This is not a new feature. It is more evident that it is happening now, but it has been happening for a long time.

    Ben

  • @Ben
    This is absolutely not a solution to what the application provided with ease. This is an excuse attempt to bypass the fact that you removed a valuable feature of the application that didn't involve opening a website. I can do that from multiple sites.... :-(
    Nice try.

  • brentybrenty

    Team Member

    We didn't remove anything. You can still generate passwords entirely outside of the browser:

    And, as Ben pointed out, saving Password items is not a new feature either. I've been telling people about this important safety net for years (even the support article for it was last updated nearly a year ago, and it's just the most recent in a long line).

  • jpgoldbergjpgoldberg Agile Customer Care

    Team Member

    The random password generator (without needing to create a login) for Throw away passwords was/is invaluable to me. It was a huge quick and easy time saver. I work as a systems administrator and need to create one off passwords that I do not need recorded in 1password.

    Thank you for that @mrabinormal! That is the kind of feedback we are looking for.

    I know that what I'm about to suggest isn't ready for prime time yet, and requires compiling code, but we have published the source of our underlying generator. There is a proof of concept command line interface for it.

    Speaking personally, I would like to see that turned into a stand-alone generator which exposes all of its power to the user. But it's not something that I have the time to work on.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file