Why is there a 64-character hard-limit on the password generator?

wily_wombat

As per the title. I would like to be able to generate passwords of much greater length than 64 characters.

Are there any reasons why the generator does not allow for anything greater than 64 characters?
When I attempt to increase this limit, it gets reset to 64 characters.

---

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Pilar

Hi @wily_wombat

Thank you for your interest in 1Password and in our password generator. 64 characters of random characters have a very high entropy that would take several billion years to crack, even by 25 random characters we'd be beyond the realm of humanly crackable. This chart is really good to get things into perspective:

Source: https://i.imgur.com/e3mGIFY.png

I'm not sure what you'd like to use longer than 64 characters random passwords, would you mind sharing it with us? We always love having some insight on how you all like to use 1Password and it's different features :chuffed:

wily_wombat

Thank you for your reply.

I understand that a 64-character password is nigh-uncrackable right now, though I would still prefer to be able to use longer passwords where possible. Given that a 64-character password stands well, is there much reason for you to limit the number of characters anyway? NIST specifies that your passwords should be at least 64 characters, and that there should be a reasonably high limit on actual password length, if not unlimited (though this does open you to DoS attacks, so I wouldn't recommend it).

At this point it feels rather arbitrary to limit the generator to 64-characters, since there is little technical reason not to allow longer passwords. Why limit your users rather than let them manage their own passwords as they wish to manage them? Is allowing for longer passwords going to cause a significant increase in your storage costs? I imagine that it might, though I also imagine that it would not be terribly large since passwords(and the way you may store them, the exact specifics and architecture of which are unknown) tends to be text-based.

AGAlumB

@wily_wombat: It may be that we change this in a future update. Honestly though, I cannot remember the last time a website accepted a 64 character password from me. They're out there, of course, but I find myself frequently having to dial it down to 20. That's a big part of the reason we've set an upper limit of 64 currently: there are so few cases when the user can take advantage even of that. This is something we'll continue to evaluate though, so I really appreciate your feedback on this.

Martok

@brenty whilst you are correct that there are still some websites that limit the length of passwords used (and characters!), I have found that I actually have quite a few that would allow the max length password that 1Password could generate (which was 50 characters when I got it a couple of months ago and is now 64 characters). Unfortunately I can't be sure exactly how many without looking at each one individually as 1Password unfortunately doesn't give you a password character count and the password strength meter shows passwords of 30 characters as being max strength (maybe that is something that can be improved, adjusting the strength meter and possibly also showing a password length column?). I do know that I have quite a few that were 50 in length, a lot more so than were set to 30 or 40 characters. Anyway, based on my max strength passwords, I have 91 out of 117 which is pretty good.

So maybe the upper limit for creating random generated passwords needs to be re-evaluated sooner rather than later. :-)

AGAlumB

@Martok: There are certainly plenty of websites I don't know about, so I'm sure you're right. We have each probably encountered different ones. I can really own speak from my own (frustrating) experiences. :lol:

That's an interesting point though. 1Password doesn't have a way to search for the password length, only sort by strength. I'm not sure that it's helpful to focus too much on the length though rather than the overall strength, but we can certainly give that another look, especially if we're evaluating what the password generator can produce. Thanks for bringing this up! :)

wily_wombat

@brenty I have eight services currently in my 1Password vault(which will definitely increase over time) and have only had a single website of those request a 32-character password. The rest accepted 64-characters just fine, and the only reason I did not use a longer password was due to being scared that 1Password wouldn't save the full password.

These services are(so far):
Cloudflare
Crunchyroll
Instapaper
Humble Bundle
Mailgun
Scaleway
Agilebits Support Forum

The passwords I used pre-1Password were all excessively long, and I very rarely ran into any real problems with those.

Even so, as a pure limitation based on your personal frustrations with websites and password-length support, I feel that you should rather give the user themselves the freedom to choose their password length rather than dictate the length based on your own experiences. If it so happens to be that a website does not support a 1024-character password, the user can dial it down to whatever the website supports. It is only a few seconds of an inconvenience to replace a password field value, and the benefits, in my opinion, far outweigh the odd website with an archaic security policy. Err on the side of caution - and so some extent paranoia in the age of massive password breaches popping up every week - rather than say "64 characters is enough" and leave it at that.

I work with people that have extensive experience in cracking passwords of various hash types, and it is rare but not extraordinarily uncommon to crack exceedingly long passwords, specially those that make use of passphrases since it is easier to chain words rather than characters. Combine this with the idiotic security of most websites and their password storage measures, I feel strongly that we could only benefit from longer passwords.

It is surely only an Integer change, and I doubt you would need to change the length of your database fields much, though I could be underestimating the work involved there since it is likely you have a fair amount of optimisations in place around that.

AGAlumB

Even so, as a pure limitation based on your personal frustrations with websites and password-length support, I feel that you should rather give the user themselves the freedom to choose their password length rather than dictate the length based on your own experiences.

@wily_wombat: I'm sorry if I gave you the impression that the 64 character limit is imposed by me based solely on my person experience. We test a lot of websites, both popular and unpopular, and much of the headaches I and the rest of the team encounter with password saving/filling is during that process. I was enjoying the conversation and wasn't trying to prove anything, only offer some anecdotes. That doesn't mean I don't take this very seriously. Quite the contrary!

I work with people that have extensive experience in cracking passwords of various hash types, and it is rare but not extraordinarily uncommon to crack exceedingly long passwords, specially those that make use of passphrases since it is easier to chain words rather than characters.

You're right that some really long passwords can still be cracked, given that they are not truly random. So it really isn't fair to lump all of these in together. Not all passwords (monkey123) are created equal. Fortunately, that's not how 1Password does things. All of this is, at its core, math:

31 symbols
!"#$%&'()*+,-./\:;?@[]^_`{|}~><
10 digits
26 capital letters
26 lowercase letters
= 93 characters total

log2(93) = 6.5391588111 <- bits of entropy per character
6.5391588111(64) <- length of password
= 418.50616384 <- bits of entropy total

To put this in perspective, this is way off the chart — literally — that Pilar linked above (which maxes out at ~18 characters = ~118 bits of entropy), and the gains are exponential. Again, and this is important: a single bit of entropy represents an exponential increase in strength.

However, you're right that the threat will change over time and it's something we need to continue to evaluate. But, perhaps unintentionally, the reality of the threat landscape is very different than the way you're presenting it.

Combine this with the idiotic security of most websites and their password storage measures, I feel strongly that we could only benefit from longer passwords.

In your (unfortunately all-too-realistic) scenario, a stronger password does you no good whatsoever. After all, whether your password is monkey123 or f]dvW{E@mLwH)D/tD9WA}48HL{6tx$@gcsf3TyN7yhP6Ngz2Gac2^WJ4vXfJdDQM (which 1Password just generated for me), if an attacker is able to simply obtain it from the server, they don't need to crack it. Your only defense here is to use a unique password for each site, so that it cannot be reused. We will almost certainly increase the limit over time, but currently doing so will not meaningfully increase security since this is already far beyond the realm of crackability.

I hate to disagree with you so vehemently because your heart is so clearly in the right place, but I think there are enough real threats for all of us us to worry about without getting unduly anxious about truly strong 64 character passwords. :blush:

wily_wombat

@brenty Thank you for your reply. I'll accept the 64-character limit, though still feel that we would benefit from giving the user freedom of choice rather than restrict them, even if it is to some extent paranoid or irrational. From a purely objective perspective, is there any distinct reason for you not to allow for longer passwords? Is there some technical restriction, or is this decision based purely on computational entropy?

In your (unfortunately all-too-realistic) scenario, a stronger password does you no good whatsoever. After all, whether your password is monkey123 or f]dvW{E@mLwH)D/tD9WA}48HL{6tx$@gcsf3TyN7yhP6Ngz2Gac2^WJ4vXfJdDQM (which 1Password just generated for me), if an attacker is able to simply obtain it from the server, they don't need to crack it.

This works for sites that store passwords in plaintext or in some badly-encrypted manner, though a lot of modern sites are using some form of salted hash. A 64-character password will be effectively impossible to brute even with MD5, though. I suppose I tend to exist on the overly-paranoid spectrum of things since I work in the security industry and part of that work is analysing and making use of data breaches for informational purposes. Prefer to future-proof myself to the furthest extent possible. Maybe at some point a vulnerability in bcrypt is found, where it's possible to obtain the plaintext for certain password lengths. Of course, this is also overly-paranoid and highly improbable.

AGAlumB

@brenty Thank you for your reply. I'll accept the 64-character limit, though still feel that we would benefit from giving the user freedom of choice rather than restrict them, even if it is to some extent paranoid or irrational.

@wily_wombat: To be clear, I have no doubt that it's only a matter of time before we raise the limit. I'm not trying to argue that we shouldn't, only to present the facts to make the case that it isn't an urgent matter. If and when it becomes more urgent, we will absolutely be on top of it. :)

From a purely objective perspective, is there any distinct reason for you not to allow for longer passwords? Is there some technical restriction, or is this decision based purely on computational entropy?

While it isn't a true technical limitation, a 1Password vault of substantial size with passwords twice the length (or more) of the current 64-character limit would be much larger, and less efficient for syncing and storage. That's probably not a huge concern, but it's certainly something we'll test when the time comes. While we don't have information on customers' data, just anecdotally from troubleshooting it seems like it isn't at all uncommon to have upwards of 1000 items in a single vault...and many of us have a lot more — both vaults and items.

We want to make sure that 1Password is secure and performs well. If it is painful to use, no one will use it, and then the security benefits are irrelevant. So long as we're not taking unnecessary risks, it's important to keep a good balance so as many people as possible can benefit from the convenience and security that 1Password affords.

This works for sites that store passwords in plaintext or in some badly-encrypted manner, though a lot of modern sites are using some form of salted hash. A 64-character password will be effectively impossible to brute even with MD5, though.

This is where we're coming from. There are totally sites out there that are doing this right, but for now they are still not as common as we'd all like.

I suppose I tend to exist on the overly-paranoid spectrum of things since I work in the security industry and part of that work is analysing and making use of data breaches for informational purposes. Prefer to future-proof myself to the furthest extent possible. Maybe at some point a vulnerability in bcrypt is found, where it's possible to obtain the plaintext for certain password lengths. Of course, this is also overly-paranoid and highly improbable.

Totally! Please, please, please don't stop questioning these things! I think we've made the right choices here (for now), but we really need to be able to back up our decisions when it comes to security. With other things (design, features) it's often subjective, but security is paramount. And people like you help us make 1Password better. So if you or any of your colleagues is interested, we may have a bounty for you. Cheers! :sunglasses:

FieldGuide

I need at least an 81 character seed for my digital wallet...

https://iotasupport.com/gui-newseed.shtml

danco

Well, if you need that particular wallet, then 1PW password generator isn't a good fit. Maybe AgileBits have a suggestion.

But my reaction, looking at the site, is that I would never trust a site asking for a password with those restriction.

It asks for a password created from A-Z and 9. Why restrict to upper case characters, why only 9 and not all ten digits? That's completely absurd. And if they actually meant any alphanumeric character, then they have described things so badly that again I would not rely on them.

Ben

Generate two 41 character passwords and concatenate them? :) The password generator doesn't have the ability to generate passwords longer than 64 characters at the moment, so that would be the only solution I could see. You could of course use two different length passwords that add up to at least 81 characters as well.

It does seem danco raises some valid concerns, though.

Ben