Adjust Strength of Suggested Password

JadCJadC 1Password Alumni

When creating a new account on a website using 1P X on Chrome, I noticed that the strength level is not maxed out. Most likely do to the use of only letters and numbers:

Is there any way to adjust and customize the suggested password strength?


1Password Version: 1P 7 Beta Latest
Extension Version: 1P X 1.6.7
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • brentybrenty

    Team Member

    @jadchaar: If a website allows you to use more characters, you can use the Password Generator in 1Password X to customize it:

    I hope this helps. Be sure to let me know if you have any other questions! :)

  • JadCJadC 1Password Alumni

    That does help! Was just hoping for a set and forget way to set a default password generation scheme. I personally like 18-24 character passwords with a few numbers and characters. By default 1P X seems to provide a long character and number password, but I would love the ability to change its default generation criteria.

  • brentybrenty

    Team Member

    @jadchaar: Thanks for the feedback! Indeed, since 20 randomly-chosen upper and lower case letters provide more than enough entropy to stave off cracking attempts for the foreseeable future and most websites will accept that, 1Password X defaults to those each time. But we'll continue to evaluate the possibility of having the password generator retain settings. I'd just hate for people to end up with a weak password by default each time because they'd had to decrease the length for one bad website one time and never bothered to change it again. Something to consider. Cheers! :)

  • JadCJadC 1Password Alumni

    Yeah that is definitely an issue. I have found that most sites allow for complex password with special characters and such. I have only encountered a few over the years that do not.

    I definitely think an option should be made available to power users, maybe hidden in an "Advanced" settings section, that allows us to customize the password generation scheme. Also, you guys can include a feature that warns users when they try and input a low-entropy password.

    But I definitely think it is worth it to flip the way you guys currently do it. What I mean by that is this: instead of making users use the custom password generator for more complex passwords, instead make it more complex by default and make users who need a weaker password use the password generator.

    Just throwing around ideas :).

  • brentybrenty

    Team Member

    Yeah that is definitely an issue. I have found that most sites allow for complex password with special characters and such. I have only encountered a few over the years that do not.

    @jadchaar: While many sites do allow special characters, very few agree on which ones.

    I definitely think an option should be made available to power users, maybe hidden in an "Advanced" settings section, that allows us to customize the password generation scheme. Also, you guys can include a feature that warns users when they try and input a low-entropy password.

    I appreciate that you'd probably be happy with that, but hidden options and nagging seem kind of user-hostile. We need to consider the wide range of people who use 1Password. And since most websites allow 20 character alpha-only passwords, and these have more entropy than needed when generated randomly, that's what 1Password X is using by default.

    But I definitely think it is worth it to flip the way you guys currently do it. What I mean by that is this: instead of making users use the custom password generator for more complex passwords, instead make it more complex by default and make users who need a weaker password use the password generator. Just throwing around ideas :).

    Totally. Thanks for your feedback on this! It's possible that we'll have it retain settings in the future. But I think it's worth giving it some time — both on our part and yours. We've received some feedback like your comments, so it's definitely something we're considering. But it's worth noting that many other folks seem to be doing just fine without having it be more complex by default. After all, it means they generally don't have to make any changes, since the default generated passwords will be accepted in the vast majority of cases. I know it's not what you're used to (me too!) but the current defaults seem to be helping a lot of people enjoy more convenience (by not having to fiddle with settings as much) while maintaining good security, and I think that's a good thing. But we'll continue to listen to feedback and evaluate if any changes can help even more people in the future. Cheers! :)

  • JadCJadC 1Password Alumni

    All good. I think the entropy argument is more important than maxing out the strength meter. Definitely something to keep in mind going forward, but you are right, for the regular user its totally fine.

  • brentybrenty

    Team Member

    @jadchaar: You're right too of course, but we want to be conservative when it comes to adding options or complexity in the code. I thin one of the things that makes 1Password X so refreshing is how little baggage it has, both literally and figuratively. We've started with a clean slate here, so we want to be cautious about expanding too much, too quickly.. You may end up being completely vindicated long-term. But I think it's more likely that the answer lies somewhere in between, so we'll keep working to strike that balance. Thanks for helping us do that. :)

  • I just migrated to 1Password from Dashlane after they jacked up the price too much.

    I tried many other options for password manager and I just love how you put together this product with a good combination of features but yet, managed to keep it simple!

    However, I agree that this ability to add special characters, changing the length of passwords should be available with the "Use suggested password"

    This is where it all happens when you register to a new site. I love how 1Password will save your Login in the process. But having to pull the full password generator, to me adds extra (confusing) steps. Having the same bit of interface available, right there, when you create a new account would make it very practical.

    If I could vote for this enhancement, I would!

  • brentybrenty

    Team Member

    I disagree that 1Password is the source of confusion here. Before 1Password X, we were all using the password generator and I haven't heard from others that it's confusing. Most of the confusion, based on feedback, seems to be some websites' silly rules (and often their penchant to obfuscate them). ;)

    We're unlikely to add it that kind of complexity to the Suggested Password feature since, as you mentioned and was discussed above, it's purpose is simplicity: compatibility with most websites. We have a full password generator though, and we're working toward making that even more flexible over time too. Thanks for the feedback!

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file