Password generator - Random words - Add option for including capitals/numbers

I want to echo this sentiment. Your response looks like a dismissal of the problem, and I strongly believe you should reconsider.

In short: it'd be much better to have dynamic options for your password generator like the ones at https://xkpasswd.net/s/ .

It's nice to generate a password that's word-based (thus easy to remember) but with words and symbols and multiple cases in it (thus is accepted on the vast majority of websites). The current "words" option you offer is effectively useless for most usage, in an age when most people are using passwords with both words and numbers. If you offered more dynamic options (i.e. checkboxes and number selection for "words" "digits" "symbols" and "separators") it'd be a truly dynamic password generator that I'd actually use, and love!

I'm the same as siplhium. I prefer word passwords but almost always have to add a couple of numbers or upper case letters to make it acceptable.

Can't disagree with either Ben or you!

It's just that, sometimes, you have to type in a password because the site doesn't accept copy and paste and that makes a word password easier to do, although I admit it's a rare occurrence. Besides, I like the look of a word and digits password, even though it's hardly every physically needed, and so the option of words with digits would be good but I can also understand that it would mean more and not very necessary coding to achieve it! So I'll not lose any sleep over it and I love this programme and the way it works, and have done since I first bought it nearly ten years ago.

It's the first third party programme that I couldn't live without and it just gets better and better.

@rlh you definitely aren't being dismissive! It did feel a bit like @Ben was, though, which is why I posted in this thread in the first place. I imagine, from the tone of his post, that if I hadn't posted here, as well [and all of you, too] this issue would not be considered further.

Implementing something like this would actually be a security boost to the "words" feature—currently the entropy of passwords it provides is low, and with differing cases and the option to add numbers, suddenly those passwords would be a lot more secure—and actually usable on most websites.

I very often find myself having to enter passwords on computers and devices without 1Password (work computers; a friend's Apple TV; my dad's computer; etcetera) and so typing out passwords manually is still a requirement. Also, 1Password can't automatically enter passwords into a lot of third party applications, and sometimes password fields on certain websites don't allow pasting (automated or manual)—so even on some devices with 1Password I'll have to type things out. And sure, the Javascript on/off trick works, but that's WAY less convenient (more time consuming, more clicks/sometimes more keystrokes) than just typing out something I can easily remember. (Particularly for passwords I have to enter frequently.)

For me, and it seems for a number of you, it's a lot easier to remember, and to type out, passwords that have words in them—even if they have more characters than the "robot vomit" completely random character sequences. It's a common preference that I don't think 1Password accommodates enough, and I think changing how the generator works for word-based passwords would be an excellent quality of life upgrade.

Until then, I personally will not be using the 1Password generator because it doesn't easily create the kinds of passwords (with combinations of words/cases/symbols/numbers) that I personally prefer to create.

@BenFerber Multiple good use cases. I definitely sympathize with the typing in others' computers scenario. And even if I don't imagine wanting/needed the requested functionality I can see how adding it would have value.

And, "robot vomit"... :-) :-) :-)

I would like to see this feature too. And I would imagine it would be easy to implement considering the options are already there for a random character password.

+1 for adding an option to include or exclude capital/lowercase letters in the password generator. I've been encountering sites that allow special characters but not capital letters, which to me is very strange, but I'm seeing them nonetheless. In such cases I'd rather just un-check an option to exclude a letter case and proceed to generating the password. The option to exclude certain characters isn't really an issue to me, since 99% of the time you can regenerate a password and the offending characters are typically replaced by ones that are allowable. Letter case, on the other hand, is entirely different. You can hit the generate button a million times and not get one single password with all lower or uppercase letters.

I don't think it has anything to do with 1Password trying to determine what a site's password requirements are and certainly wouldn't want/expect them to fall down that rabbit hole. I think it is more about helping the user meet those requirements as efficiently and effortlessly as possible. Besides, what if I want to generate a password using numbers, symbols, and only one letter case? I also don't believe that adding options to meet these types of requirements undermines or trounces the security of 1Password in any way, especially since the premise of this application is built upon 1 password to rule them all. I worry more about my master password and how 1Password secures and transmits sensitive data than I do if joeschmo.com gets hacked and my password for that site is revealed. The security or liability of 1Password isn't compromised one bit in that scenario and I can determine on my own whether or not to simply change my password or close my account with that site entirely. I only bring up those final security points because the security of passwords is referenced many, many times when additional features exactly like this one are requested, and while I absolutely agree with those points, I can also agree that what a site's password requirements are (no matter how lax) is entirely irrelevant to a feature request such as this one.

That said, even though 1Password lacks the generator options that most password managers have, I can definitely say that I think it is by far the best across the board. I just left version 4 and local sync for version 7 and cloud sync and so far I love it.

Thanks for your response Kevin. I agree with your point. 1Password has an extremely clean and intuitive UI, and you guys and gals have done a wonderful job of making sure that experience transfers across all platforms. Besides being a long time user of the app myself, it is one of the main reasons I have chosen to stick with it going forward. I'm trying to bring my wife along in maintaining more secure logins and protecting sensitive information, and if the application handling that is the least bit confusing I'll lose her pretty quickly. I can certainly appreciate that aspect of the design.

Given that some sites have very specific PW requirements — one cap, a digit, a symbol, blahblah — I'd love it if 1Password let us set up the formula a site requires and then generates a pw. This would be so much more useful than the present options.

Thanks, Lars. Understood.

Yep, and now correct horse battery staple is probably used by thousands! ;)

I like passphrases a lot, they're why I switched to 1Password in the first place. I don't think I've used one in the past year because I know clicking submit means there's a decent chance I'll be kicked back for not having a number or upper case letter.

I get that I could manually edit every single passphrase I want to create with some collection of numbers or upper case characters, but one of the draws of password managers is not having to think about these processes. Not to mention the pain this can be on a mobile device with some non-optimized mobile site that rejects my password so I have to go through several more steps after getting my cursor back in some poorly zoomed entry field.

I don't think anybody here would argue that such restrictions are necessary for good security and I get the feeling that the Agilebits dev team doesn't want to concede to stupid password rules. However, in my experience, a large majority of web accounts have these security requirements to the point that I don't even bother using the key feature that I switched over for. Maybe that's because I don't work for a flashy tech company that's up to date on the latest NIST standards, but I experience this pain point several times a week. I wish AB would understand that we're requesting a usability fix, not a security feature.

"My favorite example of this is when sites tell you to "create a strong password," but wait until after you've done so to show you that you can't use certain characters, or that, by "strong," they meant "8-20 characters," so the nice strong 35-character password you generated is invalid for no other reason than length."

Lars, BTDTNT!

BTW, how involved is the process to add this capability? Is it possible to include it with the next (or one after) update that is in the pipeline?