Minor Feature Request: new password with same form as old password

tzstzs Junior Member

It might be useful on the password generation form to have an option when generating a new password for a site that already has a password to make the new password have the same form as the old password.

By same form, I mean that the new password would be the same length as the old password, have digits in the same positions as the old password, have letters in the same position and same case as the old password, and have punctuation in the same place as the old password, and would use the same punctuation as the old password.

For most sites this would almost always result in a new password that follows whatever password format rules the site enforces, as long as they have not changed the rules since the old password was generated.

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided


  • brentybrenty

    Team Member
    edited February 2017

    @tzs: Wow. That's a very interesting idea. I can see how it might help in situations with weird password requirements. I guess the one big concern is that a password generated in that fashion will be less secure, entropy-wise than the previous one. That's counterintuitive, but the idea is that if we use the previous password as a "template", that means that each character has much fewer possible options. For example, if there's a symbol in position 4 (ignoring the fact that this positional awareness alone results in less entropy), then instead of 93 possible characters, there are only 31*. And finally, I'd be willing to bet that if this were an option, it would be something many people would use all the time, even where it may not be necessary, simply due to friction. I don't know about you, but I don't like fiddling with my password generator settings, so I have to be disciplined and set it to the maximum again each time I'm forced to use something weaker to accommodate some silly website limitation. The tyranny of the default is very real. Definitely something to consider.

    *31 symbols — !"#$%&'()*+,-./\:;[email protected][]^_`{|}~>< 10 digits 26 capital letters 26 lowercase letters = 93 characters total

    ref: OPM-1530

This discussion has been closed.