password generator in 7.3

13»

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @vr8ce: Yes, but you're not the only user. We've got to design 1Password so that it does the most good for the greatest number of people. As @hawkmoth rightly points out, we still have work to do. "Control" isn't in and of itself a good though. Randomness is the absence of control, and since the strongest passwords are random ones, in this case, less control makes sense for 1Password's core function. If all you want is control over password creation, you don't need an app for that. Anyone can make weaker passwords with their own brain.

    But to answer your question directly,

    Why is it we have to justify how we generate passwords?

    You absolutely don't have to justify anything to us. But -- let's be realistic -- by the same token, if you're not willing to have a dialogue with us to help us understand your specific use case, the chances of us making any tweaks to help are almost nonexistent. I think what Goldberg said is very reasonable:

    I would like to have a better understanding of why you want to be able to specify the exact number of digits and symbols instead of simply "must contain symbols and digits".

    If you have dietary restrictions due to medical issues or food allergies, it's generally a good idea to make sure that the people preparing your meal are aware of that beforehand. Likewise, if there are things like that or other considerations we need to take into account which we aren't at present, it would be beneficial to know them so they can be weighed against all the other considerations which need to be balanced.

  • vr8ce
    vr8ce
    Community Member

    I didn't say I was the only user. In fact, I didn't mention me at all. I said, "We're the users." Please don't mis-quote me.

    Your implication is that specifying the number of uppercase, or numbers, or special characters automatically means weaker passwords. That is nonsense.

    Yes, we do have to justify something. That's exactly what your "let's be realistic" sentence says — justify what you want, or we're not making any changes.

    Bad analogies don't do anything for your argument, either. Again, you're the one that made the change. An unnecessary change. A change that negatively impacted your users, who came here telling you so. If you want a food analogy, you're a restaurant who has changed a beloved recipe for no reason, and then demanded your customers justify why they liked the old recipe better.

    What usually happens in that case is the people start going to a different restaurant.

  • Thanks for taking the time to share your point of view @vr8ce. We'd still like to hear about any specific cases:

    I would like to have a better understanding of why you want to be able to specify the exact number of digits and symbols instead of simply "must contain symbols and digits".

    Ben

  • vr8ce
    vr8ce
    Community Member

    My use case is I want to specify how many special characters and numbers are in my passwords. Just like I have for the past umpteen years.

    But that's not what you (collectively) want. You want us to prove to you that we need to be able to specify it. And I'm not doing that. You're the ones that screwed up the functionality, you're the ones that should be justifying the change. And you haven't, because you can't. There is no reason to remove that control from the users, regardless of what underlying changes you made to the algorithms.

  • OAW
    OAW
    Community Member

    @vr8ce The functionality you seek still exists in the main app. I'm not sure if there are plans to switch it over to the simplified functionality that now exists in the mini or not. But for now you can access it there.

  • Lars
    Lars
    1Password Alumni

    @vr8ce

    ...you're the ones that should be justifying the change.

    Respectfully, we've already laid out our reasoning for making the changes to the Password Generator in 1Password's mini in more than one previous post. If you have any questions about those reasons, we'd be happy to answer. Similarly, if you'd like to share with us your own reasoning, we'd be happy to listen. Beyond that, I'm not sure what else we can offer you.

    You want us to prove to you that we need to be able to specify it.

    Again, respectfully, to reiterate what brenty said earlier, we truly don't.

    What we most definitely are doing is asking those who would like to share their use-case and reasoning with us to please do so, so that we can understand what's motivating people and potentially gain a wider perspective on the issue -- or potentially even learn something we didn't previously know. Sharing your reasoning/use-case also may indeed result in changes - at least, it's more likely to if we understand why people want what they want, or how they use 1Password.

    But to be as clear with you as possible - doing so also may not (result in changes). Earlier you said something similar: that we're trying to force you and others to "...justify what you want, or we're not making any changes." I want to emphasize that one of the main reasons it's not the case that we're trying to force you (or anyone else) "to 'justify' themselves" isn't just because you're right that it's your business to share or not as you see fit, but also because it simply is not the case that if if you did choose to explain your use-case/reasoning/preferences to us, we'd make changes. That's just not how it works around here; our user base is now large enough at this point that nearly any change we make will result in delighting some users and enraging (or at least disappointing) others. Since there will be users themselves whose wishes are in 180° opposition to the wishes of other users, it has become literally impossible to make changes to 1Password just because someone articulates their reasoning/use-case. So we don't try, because that way lies frustration and aggravation for both us and you. Instead, we do what it may have been less clear in the past that we've always tried to do: take feedback (even criticism) into account and combine it with our own best judgment about the best way forward. We'd be the first to admit we don't always get it right the first time, and that we don't have every good idea in existence. But sharing with us your reasoning, use-case and preferences remains the most-likely way for changes of the sort you want to actually happen. To paraphrase what brenty and Ben have already said, if we don't understand what people want as well as why they want it, we're much less likely to make any changes.

  • jpgoldberg
    jpgoldberg
    1Password Alumni
    edited June 2019

    My use case is I want to specify how many special characters and numbers are in my passwords.

    I want to understand why that is valuable to you. You can chose to help me understand that or not.

    Just like I have for the past umpteen years.

    Here are some other changes we have made over the years:

    • We used to have a check box for "allow repeated characters". We removed that some years ago, when we found that fewer sites were banning passwords with repeated characters.
    • We used to have "<" among the default symbol sets, until we learned that some sites silently truncate passwords at that character.
    • We didn't used to have the word list generator. Now we do.

    We have always made changes. We try to be cautious when doing so. And if the changes cause problems, we like to understand why. You are under no obligation to help us better understand why this change causes problems for you, but I hope that you will.

  • mrabinormal
    mrabinormal
    Community Member

    Feels like I'm beating a dead horse here, but I'm going to chime in anyway.
    The random password generator (without needing to create a login) for Throw away passwords was/is invaluable to me.
    It was a huge quick and easy time saver. I work as a systems administrator and need to create one off passwords that I do not need recorded in 1password. Set it and forget it style stuff here. I like it to be complicated so that's why I relied on 1Passwords quick random generator. Now it's a huge pain to create a random password. Frankly the entire new Interface is off-putting and I'm seriously considering finding a new alternative to 1Password.

    I get wanting to end the confusion of customers possibly locking themselves out of a site because they created a one time password and didn't save it. That said, did no one think of the advanced users? Put it as a feature you can enable in the advanced tab and give us back our random generator... Doesn't seem like rocket science to me and clearly it's something people are upset about. I know I am.. :-/

  • Ben
    Ben
    edited June 2019

    @mrabinormal

    Now it's a huge pain to create a random password.

    What specifically are you finding difficult?

    I get wanting to end the confusion of customers possibly locking themselves out of a site because they created a one time password and didn't save it. That said, did no one think of the advanced users? Put it as a feature you can enable in the advanced tab and give us back our random generator... Doesn't seem like rocket science to me and clearly it's something people are upset about. I know I am.. :-/

    If you want to generate passwords without saving them that is possible here:

    Strong Password Generator | Best Password Strength

    (update: I'm being told this web-based generator should be considered "for demo purposes" and while ours is safe it is a good idea to avoid web-based generators in general, so please ignore this recommendation)

    For quite some time we've saved generated passwords within the 1Password for Mac application. This is not a new feature. It is more evident that it is happening now, but it has been happening for a long time.

    Ben

  • mrabinormal
    mrabinormal
    Community Member

    @Ben
    This is absolutely not a solution to what the application provided with ease. This is an excuse attempt to bypass the fact that you removed a valuable feature of the application that didn't involve opening a website. I can do that from multiple sites.... :-(
    Nice try.

  • AGAlumB
    AGAlumB
    1Password Alumni

    We didn't remove anything. You can still generate passwords entirely outside of the browser:

    And, as Ben pointed out, saving Password items is not a new feature either. I've been telling people about this important safety net for years (even the support article for it was last updated nearly a year ago, and it's just the most recent in a long line).

  • jpgoldberg
    jpgoldberg
    1Password Alumni

    The random password generator (without needing to create a login) for Throw away passwords was/is invaluable to me. It was a huge quick and easy time saver. I work as a systems administrator and need to create one off passwords that I do not need recorded in 1password.

    Thank you for that @mrabinormal! That is the kind of feedback we are looking for.

    I know that what I'm about to suggest isn't ready for prime time yet, and requires compiling code, but we have published the source of our underlying generator. There is a proof of concept command line interface for it.

    Speaking personally, I would like to see that turned into a stand-alone generator which exposes all of its power to the user. But it's not something that I have the time to work on.

  • TheDutchGuy
    TheDutchGuy
    Community Member

    I know there is some discussion about the generator. I feel the same that something is changing my workflow. However I'm not going to downgrade to see what happened before.

    What I can do is give some feedback on what could help my workflow:
    1. When generating passwords, automatically fill them instead of giving me a save&copy option.
    2. When generating passwords, make the Title fields, URL, username and vault editable. Most of the times 1P does not ask to save the new login after I used the generator on a new website. So I have to open 1P, search for the password, convert it to login, edit the record, move it to the correct vault. Which could have been done in one go.
    3. Also an extra would be to have the username field give common suggestions. We all use just a few emailaddresses and mostly the same usernames.

    Good luck and enjoy the weekend :chuffed:

  • AGAlumB
    AGAlumB
    1Password Alumni

    @TheDutchGuy: Thanks for the suggestions!

    1. When 1Password can find a place to fill on the current webpage, it will offer you that option:
    2. Maybe something we could expand on in the future, but some of this is already possible when saving a Login (it isn't applicable when not saving a Login item): (But if you do need to find an item you just saved/edited, sorting by date modified in the main 1Password app makes that easy.)
    3. While not everyone uses the same email/username everywhere, and iOS already has a convenient way to suggest the former, maybe it's something we could find a good way to do on the desktop in the future.

    Enjoy your weekend as well. Cheers! :)

  • Demerion
    Demerion
    Community Member

    Hey there,

    I'd also like to use the opportunity that this feed is still open.

    I can see what you mean when you say that controlling the number of symbols, upper/lower case letters etc makes the password less random, which is true.
    However, in my case, I'd like to have a high number of symbols to make the password harder to guess (not that it makes a big difference). So I often find myself regenerating passwords until I get one that has at least 5 or 6 symbols. Therefore it would be nice if I could specify that I always want at least X symbols etc, like in the standalone app.

    To be honest, I was pretty disappointed in the Firefox Extension of 1Password (no dark mode, can't control the number of symbols,...), but reading the corresponding discussions made it easier for me to accept.
    I'd still love to see a way to specify the number of symbols etc though, maybe as an advanced setting, as @mrabinormal suggested.

    Cheers!

  • Lars
    Lars
    1Password Alumni

    @Demerion - thanks for the feedback; I don't have anything to announce regarding developments on this issue in particular, but we'll continue to evaluate it as we move forward.

  • mbernhardt
    mbernhardt
    Community Member

    I cannot figure out how to unsubscribe from notifications for this discussion. Please tell me.

  • Lars
    Lars
    1Password Alumni

    @mbernhardt - sorry for the unwanted noise. Click you photo/username at the top of the forum page ^^ then click the little person icon at the top right of the next page and choose "Edit Profile." On the resulting page, choose "Notifications Preferences" from the left sidebar. You can adjust your settings there. Hope that helps. :)

  • mbernhardt
    mbernhardt
    Community Member

    Not quite. I don't want to end notifications universally. I just want to opt out of this discussion. Often in forums you can leave a discussion, or change notification settings for that particular discussion.

  • Lars
    Lars
    1Password Alumni

    @mbernhardt - everything you see in those notifications preferences are what you can adjust; we have no special or secret ability to make changes to your forum account here that you can't set yourself in that Notification Preference screen.

  • mbernhardt
    mbernhardt
    Community Member

    I see, I have to turn off notification for discussions I've participated in, but bookmark the ones I'm interested in. I've done it now.

This discussion has been closed.