Feature Request: Diceware Password Generator

1356

Comments

  • benfdcbenfdc Perspective Giving Member

    I am running 1P4/Win under OS X Mountain Lion and an old version of CrossOver (which is a commercial build of Wine).

  • benfdcbenfdc Perspective Giving Member

    1Password does not force you to put anything in the could and on your servers.

  • khadkhad Social Choreographer

    Team Member

    Indeed. @benfdc is completely correct, Christopher. 1Password is completely local, If you're cloud averse, there is Wi-Fi Sync which keeps your data in sync across devices without it ever leaving your local network. 1Password for iOS is also free.

  • @khad‌
    I didn't realise that the iOS version was free. In that case, why do you charge for the Android version?

  • benfdcbenfdc Perspective Giving Member
  • They don't charge for the android version if you purchased a mac or windows version. You need to pay at least once. Seems pretty fair to me.

  • I have no wish to stifle discussion but isn't this getting rather far from the topic: Diceware Password Generator?

  • @virtualbartek‌

    They don't charge for the android version if you purchased a mac or windows version. You need to pay at least once. Seems pretty fair to me.

    Erm, yes they do, and from @benfdc‌'s link, they are for the new iOS version too. It's only free for existing v4 users. If I lost my mind and bought an iPhone then I'd need to pay for the iOS version, assuming I wanted the full feature set. For the reduced feature set, it is indeed free, which is an interesting difference from the Android version which is free "reader" but pay to edit.

  • I'm not sure what you mean. I have V4 on my mac which I bought very recently and it tells me it's up to date. I'm also using the android version on two different phones for free. Is V5 an iOS thing? I don't use iOS, I use OSX and Android...which is free for me since I bought the OSX version.

  • Yeah, they've just released v5 for iOS. OSX, Windows and Android are all on v4.

    And can I assume that you're only using the reader functions on your Android devices?

  • GlutnixGlutnix Junior Member

    Another vote for Diceware support on all platforms, not just Windows! It can't be that hard to implement either :)

  • Hi @Glutnix,

    I've let our developers know that you're keen to see a Diceware generator on all of the platforms.

  • +1 for a Diceware option on all platforms. I normally just use 50 random characters, but occasionally there's things that I need to be human-readable. And pulling out my D&D dice to make a custom password always feels excessive ;)

  • Hi @mxisaac‌

    Thanks for sharing your thoughts here! Sometimes human-readable is important ... and although I can't say I ever think that pulling out my D&D dice is excessive, I hear where you're coming from. ;)

  • Absolutely want to see a Diceware generator on OSX!

  • Hi @fzeroxx‌

    Thanks for adding your vote. :)

  • benfdcbenfdc Perspective Giving Member

    Was really hoping to see this feature in 1Password 4. Now AgileBits has released 1Password 5, and still nothing. :'(

  • dancodanco Senior Member Community Moderator

    1PW for Windows installed under WineBottler works ok, though that is a bit of a kludge.

  • Hi @‌benfdc

    I shed a tear as well ... I'd love to see this feature on all the platforms soon!

    and @danco, you're right - running 1Password 4 for Windows just for the Diceware generator is a bit ... extreme. ;) I'll let the developers know the lengths you're going to to get access to this awesome feature.

  • Wait a second... didn't 1Password start off as a Mac application? Why are we now put on the backburner for a feature like this? Isn't 1Password already on version 5 for the Mac and only version 4 for Windows?

  • Wait a second... didn't 1Password start off as a Mac application? Why are we now put on the backburner for a feature like this? Isn't 1Password already on version 5 for the Mac and only version 4 for Windows?

    The Mac app already has a pronounceable password feature. The Windows team decided to implement it as diceware.
    As I understand it, the v5 releases were not massive feature upgrades but mostly just "support the new OS" releases.

    Basically, when the Windows app is even vaguely close to feature parity then you can start crying about how unfair it is.

  • benfdcbenfdc Perspective Giving Member
    edited November 2014

    Why are we now put on the backburner for a feature like this?

    It’s not personal. Everyone was on the back burner until a Windows customer pointed AgileBits to a code library that could be plugged in with little effort. Maybe a Mac customer is going to have to step up to the plate, because we have years of evidence that the in-house developers have not been asked to prioritize this.

    The Mac app already has a pronounceable password feature. The Windows team decided to implement it as diceware.

    “Pronounceable passwords” are in no way, shape or form a substitute for Diceware-ish passphrases, and I have never seen anyone on the “Mac team” suggest otherwise. Diceware gives you high-security passwords of easily-quantified strength that are reasonably capable of being memorized. What do pronounceable passwords give you? Mimicry of a 1993 federal data processing standard (FIPS-181).

    Most businesses run on Windows, so you would think that the Windows version of 1Password would be saddled with the FIPS-y stuff and Mac users would get the goodies. But somehow that is not how things played out.

  • Everyone was on the back burner until a Windows customer pointed AgileBits to a code library that could be plugged in with little effort.

    Do you have a link to this? I don't remember that at all. Besides, the algorithm to for Diceware generation is not complex so I have no idea why they'd wait until a third party library was pointed out.

    “Pronounceable passwords” are in no way, shape or form a substitute for Diceware-ish passphrases,

    Yes it is. They both try to address the problem of producing secure, yet memorable passwords. You might reasonably argue that Diceware is a stronger and/or better scheme but they both serve the same basic purpose.

    Most businesses run on Windows, so you would think that the Windows version of 1Password would be saddled with the FIPS-y stuff and Mac users would get the goodies. But somehow that is not how things played out.

    Why would the newer platform for 1Password by saddled with a 20 year old U.S. specific standard?

  • An interesting read for the layman.

    The Secret Life of Passwords By Ian Urbina
    NY Times 11/19/2014

    … Not long after the planes struck the twin towers, killing 658 of his co-workers and friends, including his brother, one of the first things on {Howard} Lutnick’s mind was passwords. ...

    No one knew the passwords for hundreds of accounts and files that were needed to get back online in time for the reopening of the bond markets. Cantor Fitzgerald did have extensive contingency plans in place, including a requirement that all employees tell their work passwords to four nearby colleagues. But now a large majority of the firm’s 960 New York employees were dead. …

    Then follows Lutnick’s ordeal and strategy for recovering those passwords, and discusses “keepsake” passwords … words. dates, and phrases that are significant only to that one person … and “playful” passwords that some people use. I liked this one:

    Several people said they used “incorrect” for theirs so that when they forgot it, the software automatically prompted them with the right one (“your password is incorrect”)

  • Hi @Lamplighter‌

    Thanks for sharing that! I can bet our security guru is shuddering right now at the suggestion of using "incorrect" as a password - I seriously doubt that's a good idea ... despite the useful 'hint'! ;)

  • benfdcbenfdc Perspective Giving Member

    Your security guru once observed that the easiest way to find out a person’s password was to ask for it. This NYT article is certainly an object lesson.

  • +1 for adding Diceware support to OSX and then mobile platforms. I now have to use my PC to create new logins to use a Diceware generated password. Would prefer to generate it from any password.

  • BenBen AWS Team

    Team Member

    Thanks for the vote!

  • Like the Windows Diceware I/F. Intrigued by the "longer word"list. Wondering when/if we'll get it on all platforms (annoying to boot up Windows-inside-Parallels just to generate a new PW).

    +1 for "soon" ;-)

This discussion has been closed.