Password Generator password length

Long time user of Lastpass, but got sick of their horrible support. Love 1Password for it's better UI and it consistently works with the fingerprint scanner on my Pixel 3XL.

My question is regarding the password generators default password length. I have read and understand your reasoning for suggesting a 20 character password (it's a good compromise on security for any type of attack), but there are still a lot of sites out there that limit your password character length to 8, 10 or 12 characters and I've been bitten more times than I'd like to count by using the suggested password length of 20 characters, saving the password and then trying to enter the site filling in the 20 character password when only 12 digits are accepted (I actually got into a loop of this happening four times before I figured out what was going on...I am not a smart man ;) ).

Would it be possible to give us the per generation option of specifying a shorter password as one of the options in the drop down that suggests the password? If not, I have to physically not select to use the generated password, open 1Password, click the + icon, select Password Generator, change the length, copy the password and manually go through creating a whole new entry. A drop down option would be great, allowing the user to take a slightly shorter path to selecting a shorter password, while still defaulting to the recommended 20 character length.

Thanks for the software and keep up the good fight.

Jeremy


1Password Version: 1Password X Chrome and Desktop
Extension Version: 1.15.6 (Chrome) 7.3.684 (Windows)
OS Version: Windows 10 64bit
Sync Type: Not Provided

«13

Comments

  • brentybrenty

    Team Member

    @jcclow: That has totally happened to me! The only thing worse than a site with bad password requirements is a site with bad password requirements that doesn't tell you about them or enforce them properly. :lol: I can laugh about it now, but when it's happening it's absolutely crazy-making. I'm sorry that happened to you too!

    As far as adding the customizable password generator to the dropdown, It's something we can consider. But, mercifully, we don't hear of a lot of folks running into issues like this regularly (though it may seem more common to you and I due to our battles with that kind of website!) and we do want to keep the awesome convenience of the Suggested Password feature as pure as we can if possible. But we'll continue to evaluate this as we develop future versions according to feedback from everyone. Thank you for bringing this up! :)

  • @brenty I found this post because I wanted to request the same feature after updating a few passwords in a row. I updated a number of breached passwords and ran into a number of sites that did not accept the "Suggested Password".

    Intuitively I pressed the *** to customize the password, and selected the "Password Generator" option. However, this link just takes users right back to the "Suggested Password" that I wanted to edit, so it creates a useless loop that is not adding any value to the "Suggested Actions" list.

    I found a different post directing users to the 1Password icon > + > Password Generator section of the app that contains exactly what I was looking for. It would be more useful for the "Password Generator" link in the first screenshot to make the more feature-rich password generator menu pictured below appear.

    Better still, would be to swap out the icon with the "Refresh Password" icon and make it trigger the more feature-rich password generator menu.

    As an IT professional, let's just say I'm good at using Google and finding features I'm looking for, but keep in mind that I am not representative of your typical user that expects it to "just work" without a learning curve.

  • @brenty This happened to me as well after fixing a few vulnerable passwords in a row. ;)

    I intuitively pressed the *** icon to customize the password generator options and found a "Password Generator" option in this menu that just kicked me back to the same "Suggested Password" prompt. This creates a menu loop that does not add any value.

    A different post described exactly what I was looking for under the 1Password icon > + > "Password Genera..." (sic) section of the browser app. It would be great if the above "Password Generator" option links to this menu instead.

    Even better would be to replace the non-interactive icon with a icon that links to this same feature-rich password generator menu.

    Keep in mind that I am an IT pro and thus more likely to use Google and find my way around. Your average user would struggle a lot more to work around this.

  • brentybrenty

    Team Member

    @bennovw: Thanks for chiming in! We have Suggested Password in the first level of the dropdown because that's all that's needed in most cases. The Password Generator involves more work for the user, so it's an advanced option deeper in the menu there, but can similarly be found in the 1Password X toolbar menu under the "+" for new items. That's not to say we won't iterate on the design over time. But it's not something that comes up often at all, so we don't currently have plans to do what you're suggesting. We'll keep in mind your feedback along with everyone else's though. Have a great weekend! :)

  • Since you don't hear it from a lot of folks, I am chiming in to say that I have the same problem with the length of the suggested password from the inline generator being too long and/or having characters that are not acceptable on some sites.

    I have also found that there are situations where the save login from the inline menu does not always work. I only either save saves the password or the user name for some sites and there is no feedback on the screen for which fields it is filling. I would like to see the save login window show the username and password it is about to save and allow editing in case something was not set correctly.

  • brentybrenty

    Team Member

    @erigby: We're definitely aware that some websites place restrictions on how secure your password can be. I think we all encounter those sometimes. But, fortunately for all of us, those are the exception rather than the rule nowadays. So I don't it would be reasonable for us to make the default Suggested Password adhere to a lowest common denominator, as 1Password would be then suggesting even 4 digit passwords for all of us, because there are still some sites like that out there, and that would weaken security by default for all 1Password users, making it so that anyone who actually wanted to use a strong password (which, frankly, is the reason for 1Password's existence) do more work to get one. So while I'm sorry for the inconvenience you encountered because of some website's restrictions, hopefully -- and likely -- you don't need to change your password there every day, so you'd only need to work to use a weaker password than the default on (hopefully rare) occasion.

    Regarding any issue you're having with the inline menu or saving/filling, please let us know the URL so we can investigate. There may be something we can do to work around it.

    And the suggestion to show the username and password -- or optionally reveal them -- when saving is an interesting one. Thank you for bringing it up! :)

  • I want to chime in on this problem. It was much easier in the old mac version to adjust the features of the password generator. So far I have just dealt with it. Usually I make up my own weak password and save it in 1Password rather than taking the extra steps to get to where I can change the generator settings.

    I would like to say that most of my new registrations work with the 20 character default but they just don't. As much as we would like sites to accept good passwords, I constantly run into length or character limitations. Please consider adding the functionality to the drop down in the browser as others have suggested.

    I'm a long term 1Password user. A bit salty over the recent changes but understand the need for the changes. Unfortunately, ever time I use 1PasswordX, I wish I had my old mac 1Password and browser extension back.

    Thanks,
    Mark

  • Add me to the list of those "chiming in" ....

  • brentybrenty

    Team Member

    @mchollett, @allawrence: Indeed, that is an option in the password generator in 1Password for Mac when using its companion desktop extension in the browser:

    You can get that from our website. Cheers! :)

  • I am NOT a mac user....

  • OK...... now I'm really confused. Do I use 1Password or 1PasswordX on my mac ? I want my vault to be online as part of the 1PasswordX extension and I thought I had to use the 1PasswordX extension for Chrome. I have a mix of 1Password installed on my mac but when I select the icon in chrome, I get the 1PasswordX extension. It does appear that the 1Password app on my mac is connected to my account online.

    Confused.......

  • brentybrenty

    Team Member
    edited October 2019

    @allawrence: What are you using? You haven't included that information in your comments here. :)

  • brentybrenty

    Team Member

    @mchollett: Sorry for the confusion. It sounds like you've "over-installed" there. ;) If you remove any 1Password extensions from your browser and install the companion desktop extension that goes with 1Password for Mac, it will work the way described above. You can also find a guide for using the 1Password desktop app/extension here:

    Use the 1Password extension to save and fill passwords on your Mac or Windows PC

    Let me know if you have any questions. :)

  • I am using WIndows 10 1903, current version of 1P, Chrome

  • brentybrenty

    Team Member
    edited October 2019

    @allawrence: Thanks for letting me know! You've got a couple options in Chrome on Windows.

    1Password X -- (install from website)

    Click "+" and then "password generator":

    1Password desktop extension -- (install from website)

    Click the "combination" icon in 1Password mini:

    I hope this helps. Be sure to let me know if you have any questions! :)

  • +1 for the OP. Just spent a very frustrating time trying to work out how to get back to the old password generator window where I could dumb it down for the old sites out there. I ended up doing it in the desktop version and then copying to the browser. Thanks @brenty for the tip on how to do it from 1PasswordX in Chrome. Still would prefer it as an option within the suggested prompt on the field, as it's not intuitive to have to manually create a new login and then cut and paste.

  • YaronYaron

    Team Member

    Thank you for adding your feedback here.
    We're definitely looking into it. Our goal with the suggested passwords is to allow a quick, simple and secured way for users to sign up to new websites without having to open the full-fledged passwords generator every time. While we do work on improving the suggested passwords, we can definitely also improve and clarify how to get to the passwords generator when needed, as it seems some of you did not know there is such an option.

    As brenty mentioned, the passwords generator is available in both extensions (1Password X and the good old 1Password companion extension). You can use either extension regardless if you are on Windows or Mac, but 1Password X does require a membership account. I hope that helps clear things up a bit until an improvement to the UI there is made to make things clearer. :chuffed:

    ref: xplatform/xplatform#85

  • +1 with bennovw and original poster.

    I find the bread and butter feature of 1Password--establishing a password for a new site--to be cumbersome. All I want is some simplified version of the password generator in the little drop down of the suggested password field. Just let me say 8, 10, 12 or whatever characters and allow me some options! Pop up a default password first if you're claiming ease of use, but then still give us the option to tweak it in a dropdown right below.

    Otherwise, it takes me a million clicks to get to it in the Chrome extension. Or I get an error b/c the site won't take your suggested password

  • Count me in on this request. Since the password generator from the extension's menu already remembers how many characters you asked for the last time you used it, in my opinion it would be completely logical to let the tooltip version of it also use the same value.

    When I open the generator from the extension's menu it's preset to my last used length:

    But when I click on a password field it defaults to a 20 chars string:

    Having switched from LastPass, I remember that its tooltip was bigger and presented mostly the same options as the extension menu version. In case you don't want to implement that style, I think that my suggestion of unifying the default length value between the extension menu and the tooltip could be beneficial for most use cases.

  • YaronYaron

    Team Member

    Thank you for your additional feedback guys.

    Our main concern regarding putting the passwords generator in that inline menu is that users will set it to a weak password due to some outdated website and then leave it like that for years until they realize they have weak passwords in hundreds of websites. That is why there is a default recipe of a strong password suggested automatically.

    However, we will definitely investigate the option to keep the default recipe and still implement the generator in there somewhere without making it look scary and confusing :)

  • If it helps, +1 from me on this topic as well,

  • Thanks, @kv3. Feedback's always welcome and appreciated. :smile:

  • adfhoganadfhogan
    edited October 2019

    +1 from me as well.. I definitely think better passwords should be the default, but indeed, the copy/paste dance on sites that don't support longer passwords is annoying! I find myself cracking out the command line and running 'apg -a 1 -M NCL -x 16 -m 16' a lot :)

    Having to go through a song and dance to reduce the complexity slightly I suspect means that for the sake of expediency a lot of folks are going with some really shitty passwords generated by hand.

    I never knew about the password generator in the "+" option inside the extension, and will consider using it in the interim, but perhaps some options:

    • Use recommended generated password
    • Custom generator for problem sites
      ... show the custom dialog along with brief text:
      "We recommend you use the default settings for the best security, but recognise some sites have restrictive password requirements."

    ... and you could offer folks a clearly opt in "dob this site in" feature, so sites with poor password options could be named and shamed^H^H^H^H^H^Hencouraged to do better :)

  • ag_anaag_ana

    Team Member

    Thank you as well for taking the time to share your feedback! :+1::)

  • ag_anaag_ana

    Team Member

    Thank you for sharing your thoughts, and the example was very useful :+1:

  • +1. I recently switched from lastpass, and this new password generator is driving me nuts. Lastpass was much easier in this area.

  • ag_anaag_ana

    Team Member

    Thank you for your feedback as well :+1::)

  • +1 from me - I agree, suggest a strong password as the first visible options but incorporate also a configurable generator in the popup. Just like LastPass has. My problem is directly the opposite, our corporate policy says min length of 15 chars but the suggestion box gives me only 12. Don't know why, as the + sign in the extension and generator underneath it is set to 20 chars.... Don't know where to set any defaults (length, characters) for the suggestion box

  • YaronYaron

    Team Member

    Hey @krokyk ,
    Thanks for chiming in!

    The suggested strong password has a predetermined recipe that cannot be changed by the user to prevent situations where users change it to something really weak because of an outdated website they're using, and then keep generating weak passwords for long periods of time before noticing it.

    Thanks again for the additional feedback!

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file