password generator with words is not always acceptable

I'm piggybacking on this thread because my issue and my usual solution (manually tweak the suggested password) is the same as the original poster's. But I'd like to add a feature request, or more accurately a request for feature restoration, as well:

In both the Windows app and the old 1Password Chrome extension, I'm able to edit the generated password in place (in the Password Generator popup's textbox) before clicking the "Copy" button. In the 1Password X extension, that textbox is read-only, so I have to click "Copy", then paste it into something I can both see and edit, and then copy the modified password to the clipboard.

In a future version of 1Password X, could the Password Generator's password textbox be made editable, to avoid the extra paste-and-recopy steps?

I'd like to see this as well. I find it curious that your Android app supports mixed-case "memorable" passwords while your Mac app does not. The Android app also supports both full words and non-dictionary, but pronounceable wordlets, while again, this option is missing from the Mac app. This is a requirement for some of the more secure systems I use that prohibit dictionary words. Neither support required numbers and I'd really like to see all of these issues fixed. I've just started using 1Password and am really impressed with some of it's features but frustrated by really simple oversights like this. Functional consistency across platforms should be a given.

Thanks, Ben. It does help, but I was surprised that, rather than integrating with my account, it prompts me to sign up for a 30 day free trial every time I copy a generated password.

You might also want to check your word database. I laughed at this suggestion, but some might be a bit offended by "Penile-surcease-liar-organdy".

Didn't want to start a new topic - this seems quite relevant. I'm all for an updated password generator too. I prefer using words like @vorlonscout and @iherman have indicated.

Like them, I'd like the option to add capital letters, numbers and symbols. I'd also like to add the option of specifying how long the password needs to be - just specifying words doesn't work very well when you need a password of a specific length.

I don't like the Characters generator, and would prefer to use words as they are much easier to type - and I'd think that adding random changes like caps, numbers and symbols would introduce enough entropy to resist dictionary attacks.

(FYI, the generator on your website seems to have a flaw. Every password it generates (and I've tried over 10 times) capitalizes the first letter. I'd think that would lead to a vulnerability.)

I have been asking 1Password to do this for over a year. I just sent them another request to try to resurface the issue.

For whatever reason, they don't seem to like the idea as it never makes it onto the list of enhancements and fixes that 1Password regularly releases.

Since adding a few more preferences to the Password Generator isn't a monumental change requiring hundreds of manhours, I really wish the folks at 1Password would explain why they do not like the idea and won't implement it. I get that you do not like word-based passwords. But I have valid reasons for using them.

I hear you when you say there are a multitude of password requirements at different websites and you cannot make 1Password compatible with all of them for both password generation and auto-filling of web forms. I really do understand.

But as I have said many times before, these days most web sites want a combination of letters and numbers, some want at least one uppercase letter and a rare few want a symbol like # or *.

I understand the long term goal is for 1Password to automatically give the website what it wants in a super secure password but implementing that probably is a monumental task.

I also understand that a gibberish password is more secure than a series of unrelated words.

But if I use any public computers where 1Password isn't installed it is a lot of effort to open my vault via a web browser. Because I have a set of complex passwords on my 1P account. So I have to go to my cell phone anyway to look up that info and type it in.

So it is super easy instead of going to 1Password on the public computer via a web browser to instead go to 1Password on my phone and look up and type in the password for any site when I am not using my own device. I can remember wolf2.seaweed.Tent long enough to type it in. CXy236#rSu4# isn't so easy.

So to me, the former random word-based password is secure enough. Again, I realize that pasting in a password is more secure than typing it in. But just to get to my vault via a web browser to look up a password so I can paste it in requires typing in my 1P credentials. I only ran into an Internet café using a keystroke recorder once in my life, in 2007, in Brazil. And the bank caught the attempt to pay $8,000 to some random duped dude in New Jersey.

So if there is a keystroke recorder on a public computer would I rather compromise one single password to one web site or the password and key to every password I have? So I am not going to switch to gibberish passwords. If I use a public or alien computer and need a password, I will continue to grab it off my phone and type it in.

So implementing the ability to add some uppercase letters and a number or two before or after the word only makes a word based password more secure, not less. Much harder to hack by brute force.

So if you really don't like word-based passwords, I'd think you'd be gung-ho to add anything that would make a word based password more complex.