Feature request: Alternate password generation

edited April 2015 in Lounge

I'm very much a fan of xkcd inspired - xkcd.com/936/ - password generation where the password is a short sequence of random common words. One notable advantage this system is that I can easily read the password to someone else. I was wondering if there was any thought/work into such alternate password generation styles. Going further with this, perhaps there could be a password builder feature allowing more control over the passwords generated.

Also as a nerd, I would also like an option to see password strength in terms of bits of entropy

Comments

  • Also as a nerd, I would also like an option to see password strength in terms of bits of entropy

    Doesn't work on its own. "Just1nBi#ber" is a pretty decent password if you look solely at entropy but it would be broken in minutes in the real world.

  • brentybrenty

    Team Member

    @Mr.Anderson: Randall Munroe is a genius. Check out his book, if you haven't! :+1:

    In regard to password generation, we are considering expanding the feature in the future. I can't say what form that might take exactly, but personally I would welcome more granular controls -- especially when so many sites still exclude/require certain characters. Fortunately that should change over time as more and more companies take the lessons they learn (often the hard way) about security and revamp their infrastructure and policies.

    You hear that Mister Anderson? That is the sound of inevitability. :sunglasses:

  • Yes, please brenty!!!! A simple refresh function for Generate Passwords would be a great start. At least I can cycle refresh a bunch of times until I get a usable password for those hard to please sites. Also, adding a list of permitted special characters would be a great help. Other than those 2 suggestions, works great.

  • A simple refresh function for Generate Passwords would be a great start. At least I can cycle refresh a bunch of times until I get a usable password for those hard to please sites.

    There's already a refresh button on the password generator window.

  • brentybrenty

    Team Member
    edited April 2015

    Also as a nerd, I would also like an option to see password strength in terms of bits of entropy

    Doesn't work on its own. "Just1nBi#ber" is a pretty decent password if you look solely at entropy but it would be broken in minutes in the real world.

    @RichardPayne: Indeed. We have to work to be as smart about how we calculate your 'password strength' as those who try to find its weakness, so we're always looking at ways of improving this.

    A simple refresh function for Generate Passwords would be a great start. At least I can cycle refresh a bunch of times until I get a usable password for those hard to please sites.

    Absolutely! These are something we're considering for the future of 1Password. I often actually double-click to toggle the Pronounceable checkbox in the password generator, which generates a new password. That may work for you in the mean time. Cheers! :)

    ref: OPM-1378

  • chucksensechucksense Junior Member
    edited June 2015

    +1 to a Randall Munroe password generator, please!

  • khadkhad Social Choreographer

    Team Member

    Vote added. Thanks, @chucksense. :)

    And, since it came up earlier in the thread, I figured I'd share our support article about password strength meters:

    How does the password strength indicator determine the strength of a password?

    It's not complete "doo doo", but there is a bit of "voodoo". ;)

This discussion has been closed.