More options for the password generator

Hi everyone,

I recently switched over from 1PW 4 to 1PW 7 Beta and what I'm really missing are more detailed options for the password generator. Especially the amount of numbers and/or special characters/symbols.

A lot of websites I frequent regularly are only allowing some symbols and have problems with others like %, [, etc. (probably due to injection protections or something like that).

This means if I have my usual setting of 24 chars with symbols and numbers, I regularly cannot generate passwords for a lot of sites and see myself gravitating back to 1PW4 to generate a password and then manually copying it over to 1PW7. This is killing a lot of the productivity gains a password manager normally has.

In 1PW4 I was at least able to circumvent this by selecting how many symbols and how many numbers the generated pw should have, so for example I set the symbols to a low number like max. 2 or 3 and then generate until I have a password with only unproblematic characters like "!" or "?".

With the generator in 1PW7, there is no such options, so the passwords are very scrambled.

I also often have to type in my passwords on other (often mobile) devices where I do not have direct access to my vault, so passwords with less symbols (or more common ones like "!" or "?") are a lot easier for me to type on an on-screen-keyboard compared to something like "f:yahnTfsZz6br}Bf%^yt%".

While I'm aware that there is the options to use only words, I like the (probably only psychological :blush:) added security of also having symbols and numbers in my passwords.

Please reintroduce a more detailed way of configuring the password generator.


1Password Version: 7.0.541
Extension Version: 4.7.0.90
OS Version: Windows 10 Pro x64
Sync Type: 1PW Family

Comments

  • brentybrenty

    Team Member

    @enderep12: Thanks for reaching out. I’m sorry for the confusion! We don't have any plans to allow you to set a specific number of symbols and/or digits, as that isn't very random at all and can severely limit entropy of the password as a whole. Instead, there are checkboxes to enable one or both of those. That's very intentional. However, we would like to provide a way to disallow specific characters there in the future, for cases where a site is finicky. The problem is how to present this in a user-friendly way, but it's something we're exploring. As you point out, there isn't much agreement among websites who have these restrictions in the first place, so we can't reasonably have 1Password restrict this itself. Certainly we could resort to a lowest-common-denominator, but we'd end up using only ! or something, and that's not really a good solution.

    Regarding the need to remember and/or manually enter passwords, you're right that word-based passwords are what we'd recommend there, but also certainly that to our brains these may feel insecure. Definitely check out my comments here, as I go into some detail comparing relative strength of word- and character-based passwords. Math is on our side here: we really can have usable, memorable passwords that are also strong enough. :)

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file