Feature Request - Default password recipes

For password recipes, I personally tend to use some combination of words, and a separator. My request is for the ability to choose a default password recipe so that when I begin to create a password, it defaults to said recipe. Currently it defaults to random characters, at least on iOS. Perhaps even just using the previous recipe would work as well.

I’m not sure what the current functionality is on other platforms, but obviously is usually a good UX decision to implement in other platforms instead of just one.

Comments

  • brentybrenty

    Team Member

    @Ben.S: We definitely want 1Password to default to the more secure of the two, so we don't have any plans to do what you're asking for. However, I am curious, if you find yourself using word-based passwords more, is that out of necessity or by choice?

    You can get a good sense of where we're going by looking at 1Password X, where the password generator is our newest design. It defaults to 20 characters with capital and lowercase letters. This is not only plenty of entropy, but also compatible with most websites. We'll continue to evaluate and tweak things as the security (and web) landscape changes though. :)

  • Ben.SBen.S
    edited June 2018

    EDITED:

    @brenty

    In all or at least nearly all cases that I use word-based passwords, it's out of choice. I do it so I can have the ability to easily read a password for use on another device, where my 1pass isn't installed, nor do I want it installed. It's not like I enter a password or share one everyday, on a non 1password device, but when I do, it's a massive pain.

    I haven't heard about 1Password X yet. I will check that out. Thanks!

    Note, that I only use word based passwords for sites that have little to no consequence, if they were ever compromised. And not always. As example, I'd never use word-based password for financial accounts, email, etc. When I use word-based it usually is 10 words and I switch it up between different delimiters.

  • brentybrenty

    Team Member

    In all or at least nearly all cases that I use word-based passwords, it's out of choice. I do it so I can have the ability to easily read a password for use on another device, where my 1pass isn't installed, nor do I want it installed. It's not like I enter a password or share one everyday, on a non 1password device, but when I do, it's a massive pain.

    @Ben.S: I hear you. That makes sense. We just want to make sure there's less friction to do the more secure thing. Something we're continually evaluating though, if the landscape changes such that people need to use word-based passwords more often.

    I haven't heard about 1Password X yet. I will check that out. Thanks!

    Sure thing! Interested to hear what you think. :)

    Note, that I only use word based passwords for sites that have little to no consequence, if they were ever compromised. And not always. As example, I'd never use word-based password for financial accounts, email, etc. When I use word-based it usually is 10 words and I switch it up between different delimiters.

    Just to clarify, I'm not saying that word-based passwords are bad. In some cases, even 3 random words will be good enough. We default to 4 since that's a usable middle ground. And 5 or more is what I use for important things — like my 1Password.com account. Probably the only reason that I don't use a word-based password for any of my main financial accounts is because they (disturbingly) do not accept passwords of the length I'd use (probably 6 or 7 words). So I get a lot more bang for my buck using character-based passwords there. It's all about the entropy though, so word-based passwords can be suitable, provided they're long enough — and random. :)

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file