Advanced Setup when generating passwords with words

hXm
hXm
Community Member

Considering one scenario where i choose the option "Words" to generate one password:

a) Its possible to use words in pt-br? How said in your documentation "For passwords you want or need to remember (such as your Apple ID), consider switching from Characters to the Words option", do you agree that remember words in our native language is more easy? Sometimes this is really annoying.

b) A lot of services require passwords with one or more characters in uppercase. Do you can't include one option like "Mix upper and lower case" when generating password with words? One second option "Include numbers between words" maybe interesting too, for services where are required one mix of upper/lower case and number and not only simple words in lower case. Example: 27noteboKk9hoUse3ChilDren45.

Best regards and tks!


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:words in portuguese

Comments

  • Pilar
    Pilar
    1Password Alumni

    Hi @hXm,

    You bring up to interesting points about the Diceware option on the password generator. As a non native english speaker myself, I can relate to the way you're feeling about needing word lists in other languages. If you happen to know about good word lists for Diceware passwords in Portuguese we'll be happy to take a look at it and consider a way to implement it in the future. However, there are a few things that need to be taken for. Special characters can be an issue given the different ways a computer can interpret them, so lists would ideally need to not include accents and characters like ç or ñ. Personally, I'm excited to see the path that 1Password takes on all the language related details :chuffed:

    Your second point is one that has been mentioned before, and I will add your vote to our tracker. Ideally, sites would let you pick whatever password you want and encourage for randomness and length. Sadly, we see that instead of this actually secure features we find constraints like "between 6 and 14 characters, at least one upper case, one number and one special symbols", which yields poor results (my example comes from a very real site, so I'm not even exaggerating there!) I hope we see this practice decrease within time, but meanwhile I hope we can find a way so 1Password can help us deal with that! :chuffed:

    I hope to hear back from you with your thoughts on this! :chuffed:

    ref: OPI-3185
    ref: OPM-1378

  • AGAlumB
    AGAlumB
    1Password Alumni

    a) Its possible to use words in pt-br? How said in your documentation "For passwords you want or need to remember (such as your Apple ID), consider switching from Characters to the Words option", do you agree that remember words in our native language is more easy? Sometimes this is really annoying.

    @hXm: I suspect that you're right. Perhaps thats something we'll be able to add in the future. Unfortunately I don't think any of us know 17 words in Portuguese, much less 17,000 to make a comparable Wordlist to match the English one. :(

    b) A lot of services require passwords with one or more characters in uppercase. Do you can't include one option like "Mix upper and lower case" when generating password with words? One second option "Include numbers between words" maybe interesting too, for services where are required one mix of upper/lower case and number and not only simple words in lower case. Example: 27noteboKk9hoUse3ChilDren45.

    Unfortunately mixing the case makes Wordlist passwords more difficult to memorize — especially if the language is unfamiliar. The same is true for adding random characters. At that point, it would make more sense to use a fully character-based random password instead, as that will always be stronger than a word-based password of equal length. We'll certainly consider adding other options to the password generator in future versions, but we also want to avoid making it too complex. After al, our passwords should be inscrutable, not 1Password itself. :)

  • hXm
    hXm
    Community Member

    @Pilar You talking about something like this (https://github.com/juanplopes/4palavras/blob/gh-pages/words.js) but with a bigger qtdy of words? I can help with one list like this, if this can help your team to develop this to us here in BR (pt-br). :) The number that we need to take in mind is about 15K that @brenty said below your answer? About the question with special characters, i believe that we can manage this better than work only with eng words. In e-mail addresses, for example, we cannot use them. So one address like caçaepesca@gmail.com (something like huntandfish@gmail.com, the email for one shot of this articles), we know the character ç cannot be used. Its natural to us work with this. In one password with words i believe that is more natural to remember something like "mamae-cacador-agua" (without special characters) than the eng version "mother-hunt-water". With the special characters, the same in pt-br would be "mamãe-caçador-água". Just to finish, if is possible to use words with special characters, great! If do not is possible, please, make available the feature pt-br with the restriction to use only words without special characters.

    About the second question, i understand and agree with the argumentation of both you. Gifting us that do not use English as their native language with the first feature above already will make us happier! :)

    I forgot to say, but I'm sorry for possible errors in English in the questions I post here.

    Tks for your attention @Pilar and @brenty!

  • Pilar
    Pilar
    1Password Alumni
    edited June 2016

    Hi @hXm,

    Thank you for your answer! What we need is a list like the one you found, but much longer! It would also be best if the list was verified to have the characteristics needed for a good Diceware database. We wouldn't feel comfortable offering an option that just "kind of" did the work. If you want to dig around online and see if you find something like this it would make it easier for us to consider implementing it. Just to be clear, I'm not promising that we'll be able to see it in 1Password or when that would happen, but having a good list in a couple of languages would be step towards it!

    I can see what you mean about just typing the passwords without the special characters, in order for the list to be a good option, it should not include them to begin with. People would just have to not flinch at seeing a "huge" spelling mistake and try to correct it when using it, but that's a different kind of issue! :tongue:

    I hope to hear back from you with your thoughts about all this! :chuffed:

  • twilsonco
    twilsonco
    Community Member

    A very customizable option for this, sans the Portuguese word list, is the XKCD password generator based on this comic. There are very nice implementations in perl and python so that you can generate password locally, since using an unsecured web utility to generate passwords presents a huge risk. I believe that the perl implementation is more feature-rich than the python.
    My solution was to make an applescript that calls the perl implementation and provides a simple interface for generating a large number of passwords.

  • AGAlumB
    AGAlumB
    1Password Alumni

    That's an interesting solution. Thanks for sharing! Love XKCD. Hopefully we'll be able to add more flexibility to 1Password's generator in a future version as well. Cheers! :)

This discussion has been closed.