Password Generator password length

2»

Comments

  • krokykkrokyk
    edited February 10

    that is fine, I understand, but pls provide an option to change the suggested password to a criteria specified by me (i.e. I want to specify length and what chars are to be used) - just like you let us define "recipe" in the Password generator. I mean add the option to the tooltip suggestion, not in the extension or desktop app

    If I understand correctly the predefined and unchangeable "recipe" is 20 chars in length, then how come my suggested password is 12-char long? I can see the 20-char length in the Password generator (i.e. when I click + -> Password -> click on the "key" icon)

  • ag_anaag_ana

    Team Member

    @krokyk:

    If I understand correctly the predefined and unchangeable "recipe" is 20 chars in length, then how come my suggested password is 12-char long?

    Where do you see this? Can you give us the exact steps to reproduce this so we can test it?

  • I'm having the same issue as @krokyk. Found this thread after searching for answers and created an account only so I could post about it. Using the extension for Firefox (72.0.2), on Windows 1909.

    Default password length when using the password generator had always been 20 characters. However, today, when trying to create two different logins on two different websites (including this very own), the password generator generated passwords that were only 13 characters in length.

    Because there's no way to edit the length of passwords on the fly through the drop-down menu (something that should definitely be addressed, as many other users have already suggested), I had to manually create logins and then define the length of the passwords myself, copying and pasting them.

    I also noticed that there's no more way to manually define the number of digits and symbols. Has that changed?

  • @ag_ana Hi, so I fired up some random registration form:

    and as you can see, the generated password is 14 chars long... Which setting and where is this driven by?

    This is the password generator when manually clicking the + sign in the firefox extension:

    You can see length is 20....

    So I'm really confused where (and if) this can be configured by me.

    Adding option to configure how the password is generated directly in the dropdown (when you click that 1pass icon in the password field) would be really helpful. I'm not asking for this to be persisted and stored as a default for a subsequent password suggestions, it's an on-demand one-time thing that I want to tweak my password for this one particular password field on this one particular site at this particular time

  • I've had the same problem as people above. I need to be able to set the password length. Sometimes a site will require a certain length and forbids certain characters, so we need to set the characters too.

  • I'm also having the same issue as @krokyk @EeK and @llbehar

    Please help ! :) Everything was fine last week... Did something change regarding the default length of the suggested passwords? 20 chars with symbols was the sweet spot. Now it's only suggesting a weak 13 char long password...

  • YaronYaron

    Team Member

    Hey guys,
    We have changed the suggested strong passwords recipe recently so it would fit more websites by default, to prevent situations where users select the suggested password and ending up being rejected by the website they're signing up for. You can see this change was made in the latest version's log: https://app-updates.agilebits.com/product_history/B5X

    The reduction of length in the passwords generated does not mean these passwords are not strong. They are very strong and remain on the range of what we consider super safe and secure. While 14 characters sounds weak to you, the entropy and complexity of the generated passwords is calculated and generated by our algorithms and will withstand any complexity test you put it through :)

    If you still feel unsafe using our suggested passwords, you can always use the full-fledged passwords generator in 1Password X, where you have full control over the recipe:
    1. Click the 1Password X extension icon to open 1Password in your browser.
    2. Click the big "PLUS" icon to reveal the menu.
    3. Select the Password Generator (the first option).
    4. Generate passwords according to your needs. It will also remember your settings the next time you open it.

    Thank you all for the feedback - we will see if/how we can insert the password generator in that little popup in the future.

  • @Yaron Thanks a lot for your answer, it's all I wanted to know :)

    Thank you all for the feedback - we will see if/how we can insert the password generator in that little popup in the future.

    That would be GREAT.

    Kind regards

  • ag_anaag_ana

    Team Member

    On behalf of Yaron, you are welcome :) If you have any other questions, please feel free to reach out anytime.

    Have a wonderful day :)

  • I just want to drop by and say I love the new generated password in 1Password X. The old 20 characters long one was annoying as I've run into a lot of websites that don't go that high. Also, the new generated one is easier to read or type if I need to. I'm loving this shorter and easier to read suggested password!

  • ag_tommyag_tommy

    Team Member

    @Zoup

    Thank you for the kind words. The entire team loves to hear comments such as yours. They brighten the day! :)

  • @Yaron, in your post you mention "14 characters". But in my experience, only a few of the generated passwords are 14 characters. Some of the generated passwords are only 12 characters and doesn't get marked as "excellent" passwords. Just "very good". Why are the new passwords not all "excellent"? Shouldn't that be a minimum standard for all your suggested passwords?

  • ag_anaag_ana

    Team Member

    @zmelnick:

    The new limit to 14 characters was implemented only recently. Before it used to be 20, so if you have several passwords with 12 characters, it means that you specifically chose different settings for your password generator when you created them. What we use by default is just a recommendation, but you can make passwords longer or shorter as you see fit.

  • @ag_ana This was a password created by the default suggestion. It was 12 characters in length. I am able to re-create the different length suggestions fairly easily, and they are not always 14 character. For instance, I went to pretend to register for a new account on this forum, and 1Password suggested a password that was 13 and not 14 characters. The 12 character password I posted about above was created using the same "suggestion" method.

    Shouldn't all suggested passwords be a minimum of 14, or at least complex enough for the 1Password software to mark them as "Excellent"?

  • ag_michaelcag_michaelc

    Team Member

    Hey @zmelnick. The new recipe gives passwords that are mostly of length 14 and have about 48 bits of entropy, suitable for almost all use cases. As you've seen, occasionally this is a bit less, but rest assured these are still plenty secure. We have some work to do to make sure the password strength is shown (and calculated) uniformly across all devices. In other words, although counterintuitive, I wouldn't stress here over the fact that your generated password is shown as "only" Very Good — rather, we need to make additional changes to display and calculate things differently to better reflect the actual strength. The actual generation and strength are sound. :smile:

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file