Creating passwords

I am still having problems with the password generator. There has got to be a way to better this. I like to use symbols in my passwords but the generator uses every little symbol there is. Half of the symbols are not allowed by the site you are trying to make a password for. There is no way to take out the ones that are not allowed. I try to generate more but they are still filled with the obscure symbols. So I don't use the symbols. Bummer. But than I was just making a password for an account using just the number and letters. But I had problems getting it to make a password with a number in it. I don't know if anybody else has brought this up or if just me. But there has to be a way to better this. I have ideas but I'll leave that to the you.
Thanks Bruce

Comments

  • brentybrenty

    Team Member

    @helpmeifyoucan: More symbols is better than fewer for entropy (and because websites restricting them implies they're storing passwords in plaintext...), but you're right that this is a challenge for us as users regardless. However, I will say that if you're using a long, random password composed of even just capital and lowercase letters, of at least 20 characters, you're in really good shape. There are comparatively fewer usable symbols than letters and numbers, so a max length password composed of letters and numbers will be not only incredibly strong, but also effectively the best you can do given the constraints of website restrictions.

    Regardless, the problem of password generation is definitely something we're aware of, and we get feedback similar to this from time to time. However, we don't have fully customizable character sets in 1Password on any platform because we haven't yet found a good, usable solution — especially for small screens. It's something we're hoping to achieve though, and perhaps we can find something while we're working on some other changes to password generation that will be coming to the apps in the future. Thank you for your feedback on this! :)

  • My strategy on this is to use the generated symbols, then to manually remove those that the sites complain about.

    Websites that don't tell you what characters are disallowed make me want to kill...

    TECHNICAL RANT:
    IMO, the onus is really on the websites. There is no good reason to disallow any of the 1Password generated symbols in passwords. There are no circumstances could the use of such characters result in a server side compromise unless the server is manipulating the password string directly and passing it on unescaped and unencoded across routines, which would be ridiculous, not to mention insecure.

  • periperi

    Team Member

    Thanks for your input, @BH1P. Indeed, it's hard to create passwords that satisfy the requirements of every site, because they all have different criteria. We try to generate passwords that are accepted in most cases, but there are always outliers, unfortunately. We're hoping to improve this process in the future.

This discussion has been closed.