Feature Request: Diceware Password Generator

1246

Comments

  • +1 would love to see this feature. Typing spaces on mobile keyboard is much easier in cases you can't copy/paste or autofill. A quicker change which also provides this benefit would be to allow " " not "-" in the pronounceable generator.

  • Switch to Android. You know it makes sense! :tongue:

  • +1 for a diceware passphrase option on Mac.

    The windows version works great and I'd love to see the same feature on Mac.

  • MeganMegan 1Password Alumni

    Hi @darcon,

    Thanks for adding your vote - I'll let our team know you'd like to see this. :)

  • MeganMegan 1Password Alumni

    Hi @wkleem,

    Thanks for the feedback, I'll add your vote to the request!

  • benfdcbenfdc Perspective Giving Member

    @jpgoldberg said on Quora that it’s coming "any day now." When I asked him about it on Twitter, his response was:

    Yeah. It's been "any day now" for many a day. I am making no promises.

    Well, Jeff may not be making promises, but the rest of you could make him look good by delivering on his not-a-promise. Make his day, please. And ours!!!!!!

  • brentybrenty

    Team Member
    edited May 2015

    @benfdc: Thanks for you passion here! Regrettably, we haven't (yet) added diceware to 1Password for Mac and iOS...

    ..but 1Password for Windows has had a diceware option in the Strong Password Generator for nearly a year now!

    Yet we can do better. Thanks again for the nudge! I've added your kind, thoughtful, and slightly-humourous vote to the feature request. :) :+1:

    ref: OPI-1871, OPM-1482

  • I'm switching to a Mac at work, and bought 1password in anticipation of that since my password manager didn't have a good Mac option. Mac came in, 1password installed, and really surprised and bummed to not see a dieceware generator. Please add my vote too!

  • brentybrenty

    Team Member

    @bbendick: Absolutely! Thanks for letting us know you'd like to see Diceware in 1Password for Mac too. :+1:

  • benfdcbenfdc Perspective Giving Member

    Lord I got them hesitation blues.
    Tell me how long do I have to wait?
    Can I get you now, or must I hesitate?

  • This thread has been running for over a year now and yet, despite the core code having been written (as we know from the windows version), the team is concentrating on Apple Watch features for all those millions of watch owners.
    What a pity. The watch features are sexier, but this would be more useful.

  • brentybrenty

    Team Member
    edited June 2015

    Lord I got them hesitation blues.
    Tell me how long do I have to wait?
    Can I get you now, or must I hesitate?

    @benfdc: I'm kickin' it old school. :)

    This thread has been running for over a year now and yet, despite the core code having been written (as we know from the windows version), the team is concentrating on Apple Watch features for all those millions of watch owners.
    What a pity. The watch features are sexier, but this would be more useful.

    @chrisko: I'm fairly certain that it isn't as simple as copy and paste (but I'll check with our Windows dev next chance I get).

    I think 'more useful' is pretty subjective, as it depends entirely on your needs (and the platform you use most!) However I do agree that Diceware would be very useful to have in 1Password for Mac. But our iOS dev working on 1Password for Apple Watch wouldn't be handling that anyway, so it isn't a matter of Apple's youngest platform getting attention at the expense of its eldest in this case. ;)

  • benfdcbenfdc Perspective Giving Member
    edited June 2015

    @Brenty—

    Please don’t pooh-pooh the need for this. A mobile keyboard-friendly password generator is absolutely essential in our smartphone-centric age. I could be wrong, but IIRC @jpgoldberg gave a presentation on the subject at PasswordCon years ago.

    The online environment has changed tremendously in the last half-dozen years, but 1P/Mac's password generator remains stuck in the past and the mobile apps do not generate mobile-friendly passwords. AgileBits has brushed aside user requests for Diceware for years (the only reason why 1P/Win has Diceware is because a user sent you code), but the problem goes far beyond Diceware. For instance, why in the world are mixed-case random passwords still 50/50 uppercase and lowercase when the entropy per mobile keyboard keystroke is so much lower for uppercase? Rinehold wrote years ago—even before the smartphone era—that when a site requires mixed case, the best practice usually is to use one uppercase letter.

    There really is no excuse for AgileBits’s neglect of the password generator these last many years.

    BTW, nice YouTube link, although my tastes run more to hot tuna than to jelly roll.

  • @benfdc

    Two things:

    1. The need for easily typable passwords is not a wide spread as you make out. Most passwords you will fill automatically with 1Password. It's only your master password, your sync solution and your primary email that needs to be remembered.

    2. I'm fairly sure that the Mac has a "pronoucable" option so you're not completely out of options.

  • brentybrenty

    Team Member

    @RichardPayne: Agreed. But I think Diceware is still incredibly robust and useful. It will be great if we can have it in 1Password on all platforms someday! :)

  • @RichardPayne: the use case I am thinking of is when using a machine that does not support 1Password, e.g. Unix, or a machine where company policy prevents it being installed, or a machine that simply does not have it installed, e.g. A friend's machine.
    All these scenarios are ones where you may wish to login to a password protected site but you are forced to use the 1Password that is on your phone and therefore prevented from using cut and paste or 1Password's autofill.
    In these situations you can:
    1. Type in by hand a very safe long password, but with high risk of typos.
    2. Use for these sites a short unsafe password
    3. Use a diceware password. Perhaps not quite so good as the completely random generated long password but better that a short password, and with reduced risk of typos.

  • benfdcbenfdc Perspective Giving Member

    @RichardPayne—

    I still run into an annoying number of sites that block cut-and-paste. I also manage a fair number of passwords for family members who are much less computer-savvy, and have significantly lower keyboard skills, than I.

    Pronounceable is the best available option for now, but it is not optimal. I find pronounceable passwords much harder to type than dicewords, and they are also much harder to communicate to others.

    Furthermore, I have no sense of the entropy of a pronounceable password, whereas the entropy of a diceword passphrase is well-defined. As a result I tend to use the "digits" version of the pronounceable generator, which is not mobile keyboard-friendly.

  • Just to clarify, I do agree that 1PfM should get Diceware asap. I just don't think that it's quite as big a problem as was being made out.

    the use case I am thinking of is when using a machine that does not support 1Password, e.g. Unix, or a machine where company policy prevents it being installed, or a machine that simply does not have it installed, e.g. A friend's machine.

    I use 1PfW on Linux. Other than that, I guess I just don't encounter the need to use other machines often enough to worry about it. Typically, if I need to access a site while away from my desk then I just use my phone rather than some random 3rd party computer.

    I still run into an annoying number of sites that block cut-and-paste.

    Fair enough. I've not seen one of them in a long time; at least, not one that blocks 1Password fill.

  • brentybrenty

    Team Member
    edited June 2015

    I still run into an annoying number of sites that block cut-and-paste.

    @benfdc: Ah, I know what you mean. Oddly enough though I can only think of one case where right-click pasting has not worked in these cases. I believe it was a form for entering bank transfer information, and I was able to right-click and paste my account number into the first field, but had to manually type it a second time into the 'verification' field (which wasn't to bad because the number was right above it). For some reason they'll somehow block only ⌘V pasting, but I'm able to paste via the contextual menu anyway.

    I too am more comfortable (both from a security and convenience perspective) reading information from 1Password for iOS if I need to login from someone else's system, but ultimately this comes down to personal choice.

  • Hello. Since I use iOS, OS X and Windows platforms for personal + work usage, I had to buy 1Password for all of my platforms, which was quite expensive.... but it does worth it. However, I have found that iOS and OS X version do not match password generation features of my Windows version of 1P. Examples:

    1. 1Password for Windows generates passwords up to 64 characters: OS X and iOS up to 50.
    2. Windows version has the Diceware feature: iOS and OS X do not.

    I would love to see the very same set of features on ALL platforms, where on each new release of 1Password, users can enjoy the very same set of features, no matter on which platform they interact with.

    Bottom line: homogeneity between platforms.

    It might sounds not "high priority", but it IS. More than often, I am forced to go to my Windows box only to generate a password of more than 50 chars (or to use the Diceware feature), instead of doing it in the platform I am at the moment.

    Many thanks for such great tool,
    Mark.

  • dancodanco Senior Member Community Moderator

    Given that you do this often, it might be worth your while to run 1PW for Windows under Wine on your Mac. For most of us this is overkill, but it just might suit you.

  • @danco, yep, that might work as a workaround, so thanks. But the idea of my post was to promote the homogeneity between platforms (extremelly important these days). So to take an example: when Google releases Google Chrome, they do not release X feature for Windows, but OS X version is left without that X feature until the next release, and so on. Switching between platforms should be totally transparent, instead of relying on workarounds to solve the main issue. Hopefully 1P will reach that point in a near future.
    Another solution (although is a radical change...) is to stop developing 1Password in a per-platform basis, and take the concept into a browser's plugin, just like LastPass is doing. But... instead of syncing in the cloud as LastPass does, just offer the current options (iCloud, Dropbox AND Wi-Fi sync).
    That way... developing would be focused on a single release (the cross-platform browser plugin), avoiding the cost and complexity of mantaining 1P for different platforms, etc.

    Just my hint.
    Thanks,
    Mark.

  • MeganMegan 1Password Alumni

    Hi Mark ( @mark_ux ),

    Thanks so much for taking the time to share your thoughts here! Cross-platform consistency is something that we're striving for with 1Password, but with a program that spans 4+ operating systems, it's no simple feat. Now, I'm not a developer, so I can't speak to the issues surrounding switching from a full app to a browser extension, but I'm happy to let our team know that feature parity across all 1Password platforms is something that you're really interested in.

  • the only reason why 1P/Win has Diceware is because a user sent you code

    @benfdc As the author of 1Password for Windows, I can tell you this is not true.

  • benfdcbenfdc Perspective Giving Member
    edited June 2015

    @svondutch—Well, they always say that correlation does not prove causation, but reviewing the first page of this thread one gets the definite sense that the feature appeared in the Windows beta very shortly after @richardpayne posted a link to some code on github.

  • the feature appeared in the Windows beta very shortly after @richardpayne posted a link to some code on github.

    @benfdc Maybe so, but none of this code has been used. As a matter of fact, I didn't even look at the code on github (sorry @RichardPayne).

  • No problem @svondutch. It's hardly complicated so there was no intention of posting it to give you a leg up, just to offer a tool for 1Password users who didn't have a non-web based generator at the time.

    @benfdc did you look at the code? If I were @svondutch I'd be insulted by the implication that I'd need to copy such trivial code.

  • brentybrenty

    Team Member

    @RichardPayne: Still better than mine, so I won't cast any stones here. :p

  • benfdcbenfdc Perspective Giving Member

    @svondutch—

    Thanks for the clarification. (Although technically speaking I never actually said that AgileBits used the code from GiHub.) More importantly, thanks for the feature. Do you suppose that by some chance the Mac and mobile groups could borrow your talents for a few days? :)

This discussion has been closed.