Is there an ability to specify what special characters can be used for a website login?

Some sites I use have a very limited set of characters that are allowed for special characters and trying to generate passwords for them takes forever when attempting to get the correct number and types of special characters.


1Password Version: 5.3.2
Extension Version: 4.3.1.90
OS Version: 10.10.3
Sync Type: Dropbox

Comments

  • brentybrenty

    Team Member
    edited May 2015

    @icetre: Thanks for contacting us. I'm sorry for the trouble!

    Unfortunately it is still fairly common for sites (especially financial institutions) to limit the character set that can be used when creating a password, thereby limiting its strength as well.

    We may be able to add more granular controls to the password generator in the future, and I appreciate you letting us know that you'd find that useful!

    And since you were able to contact us to let us know how we can help, be sure to reach out to the sites you're having trouble with as well; it's important that they know that their policies are causing you not only a bit of trouble, but preventing you from using truly random passwords. After all, when a site complains that you're using prohibited characters, they're reading the password to make that determination! Not only that, but if they create a hash of your password rather than storing the password itself for later comparison, that would allow you to use a password of any length which uses any characters -- definitely a security improvement! I hope this helps. Thanks again for the feedback! :)

    ref: OPM-1378

  • I have encountered the same problem (adjectives deleted). The workaround that I use is to define a section in my entry for that site called "Password Recipe". Then, I label fields for length and allowable characters. Nothing happens automatically, but when I create a new password for that site, I set the basic parameters for Password Generator and massage the resulting password as needed.

  • brentybrenty

    Team Member

    @MikeMadden51: Ah! I should really add password length/composition requirements info to my login items too, rather than having to look it up on the site every time. Provided they don't change it, that could be a big time (and frustration) saver for me. Thanks for sharing your process! :):+1:

  • The really frustrating thing about many websites is they won't tell you in advance what's legal and what's not. Some even accept your password change, but when you try to use it-- POW!

  • brentybrenty

    Team Member
    edited May 2015

    The really frustrating thing about many websites is they won't tell you in advance what's legal and what's not. Some even accept your password change, but when you try to use it-- POW!

    @MikeMadden51: I KNOW!!! :rage:

    And beware: in some cases the form will accept a too-long password, truncate it on the backend when you change it, and then you have saved an invalid password until you realize than n characters at the end need to go -- and of course the actual login form will take the whole thing, even though it's 'invalid'. (Or maybe that's what you were referring to.) :sweat:

    Hang in there. Things will get better... :dizzy:

This discussion has been closed.