Feature request: improve password generator for words

olivierdb
olivierdb
Community Member

It would be nice if the password generator would offer more possibilities when using words. Would be great if it would offer the same capabilities as this website: https://xkpasswd.net/s/


1Password Version: 7 Beta
Extension Version: 4.7.0.90
OS Version: OS X 10.13.4
Sync Type: iCloud

Comments

  • I've love to hear more about what exactly you're trying to achieve with those additional possibilities. Looking at the options provided there, I'd guess it's for additional strength? The strength of a password is measured by bits of entropy: basically how random it is. Our word list is roughly 18,000 words large, so it takes very few words for the number of bits of entropy to skyrocket.

    What are you using these passwords for? I'm not asking which websites, but more like... are you generating passwords that you're expecting to remember?

    Rick

  • olivierdb
    olivierdb
    Community Member

    You're spot on, Rick. The thing is that I don't always find it convenient to use 1P on my iPhone or Android tablet. Therefore, I often find myself having to memorise passwords for the sites I visit the most on my mobile devices. I'd like the passwords to remain strong, but there's no way I'm going to remember a complicated password with at least 16 uppercase and lowercase characters, symbols and numbers. So, the obvious choice is to use a sentence or multiple words that could be padded some simple way. Without padding, the use of words in passwords via 1P translates in weak strength unless you have very long passwords.

  • AlwaysSortaCurious
    AlwaysSortaCurious
    Community Member

    @olivierdb It's an interesting question. If a dice word is like 12.9 bits of entropy at 7.7K words, how much entropy is in a word list of 18000 Words? And really, length still matters to some extent. This always gives me a headache.

  • AGAlumB
    AGAlumB
    1Password Alumni

    You're spot on, Rick. The thing is that I don't always find it convenient to use 1P on my iPhone or Android tablet. Therefore, I often find myself having to memorise passwords for the sites I visit the most on my mobile devices. I'd like the passwords to remain strong, but there's no way I'm going to remember a complicated password with at least 16 uppercase and lowercase characters, symbols and numbers. So, the obvious choice is to use a sentence or multiple words that could be padded some simple way. Without padding, the use of words in passwords via 1P translates in weak strength unless you have very long passwords.

    @olivierdb: That sounds like a lot of passwords you're going to have to memorize and type though. Can you tell me more about what's preventing you from having 1Password do this work for you on mobile devices?

  • AGAlumB
    AGAlumB
    1Password Alumni

    It's an interesting question. If a dice word is like 12.9 bits of entropy at 7.7K words, how much entropy is in a word list of 18000 Words? And really, length still matters to some extent. This always gives me a headache.

    @AlwaysSortaCurious: About 14.17 bits per word. So a four word pass phrase is 56 bits. Not too shabby, but I wouldn't want to have to memorize (or type) more than a few of those. :lol:

  • olivierdb
    olivierdb
    Community Member

    @brenty On my iPhone or Android tablet, I usually use Safari or Chrome to browse the web. If I suddenly find myself having to sign in a website to access a specific web page, then I first need to copy the url, open 1Password, login to 1P, search for the website, click the link in 1P that will take me to the website inside 1P's browser and sign me in automatically, then I need to paste the url I had copied to access the web page I wanted. Then what would I have to do if I wanted to sign in another website? Step back and carry out a new search, I understand. All of this is quite a tedious process and kind of defeats the purpose of using 1P in the first place, i.e. keeping my login experience as simple as possible. 1Password X for Safari or Chrome mobile, with auto sign-in, is really what is needed here, rather than having an extra browser inside 1P.

  • That's quite the workflow you've got there, @olivierdb. Fortunately there is a much easier way:

    I hope that helps. Should you have any other questions or concerns, please feel free to ask.

    Ben

  • olivierdb
    olivierdb
    Community Member
    edited May 2018

    @Ben For Android, I see a note saying that Autofill requires Android 8 or later, so that's not great!

  • It does, yes. If you’ve got something older this may help:

    Use the 1Password keyboard to manually fill in apps and browsers on your Android device

    Ben

  • jpgoldberg
    jpgoldberg
    1Password Alumni

    @olivierdb noted that

    the use of words in passwords via 1P translates in weak strength unless you have very long passwords.

    This is not because the generated passwords are weak. It is because password strength meters (necessarily) suck. If a human picked a handful of dictionary words, then the password would probably be weak. And so that is what the strength meter is reporting. If the strength meter knew how the password really was generated then it would know that it is stronger than any human created one.

    We are working on making our password strength meter aware of whether we've generated the password or not, but we still have a ways to go. So it errs on the side of assuming that the password was a human creation.

  • prime
    prime
    Community Member
    edited May 2018

    I like to use this style of passwords for accounts I have to type in the password. What I do is have 1Password make it, add it to the notes area, then make my changes that I like (one of the words migh have some capital letters, and I might even a number or two).

  • AGAlumB
    AGAlumB
    1Password Alumni

    That's a good workaround when there are specific requirements like that. Cheers! :)

This discussion has been closed.