Password generator options

MisteurJ
MisteurJ
Community Member
edited May 2016 in Lounge

Hi,
More and more websites ask for a strong password including letters (caps and lowercases), signs and digits.
Would it be possible to include this mix into the password generator ?
I usually use the diceware generator, with space separator, but adding a digits option to this would be great...

Thx a lot !
Joël


1Password Version: 6.2.1
Extension Version: Not Provided
OS Version: OSX 10.11.4
Sync Type: Not Provided

Comments

  • Megan
    Megan
    1Password Alumni

    Hi Joël ( @MisteurJ ),

    Thanks so much for the suggestion! We’ve been trying to keep our password generator as simple as possible so that users don’t get overwhelmed with options when building a password. If the website is requesting a mix of all types of characters for the password, it might be simpler to use our character generator to create your password. Alternatively, you can edit the password after it’s been generated to add the necessary characters.

    That being said, I’ll let our team know you’re interested in this option. :)

  • khad
    khad
    1Password Alumni

    @johnkzin,

    Wordlist passwords are best used only in cases where you need to remember or type the password. I wrote a bit more about that here:

    https://www.quora.com/Can-you-help-me-to-prove-that-longer-lowercase-+-numbers-only-passwords-are-stronger-than-shorter-mixed-case-+-numbers-+-symbols-passwords/answer/Khad-Young

    For passwords of the same length, random characters will have a higher entropy. So if you do not need to remember the password (most passwords other than your Master Password) then using the Characters option is the way to go.

    Of course, that doesn't mean there isn't room for improvement. I've made sure the devs are aware of your requests. :)

    If we can be of further assistance, please let us know. We are always here to help.

    Cheers!

  • AGAlumB
    AGAlumB
    1Password Alumni

    Just your implementation of words is currently weaker. I think the options I've given make it less vulnerable to a brute force attack.

    @johnkzin: That's not true at all. It's important to consider the number of possible combinations. You can get the exact same entropy with any of these methods. It's a function of the password length and number of inputs. The Wordlist consists of about 18k words, which gives it considerable entropy. It may not be ideal for your particular use case, but calling it "weaker" is fallacious — comparing apples and oranges.

    You may be interested in the existing discussion on this topic. I'll close this one so we're not rehashing the same conversation in multiple places. Cheers! :)

This discussion has been closed.