Need to put back functionality in pass generator in Mini

imt
Community Member

Need to put back the functionality stripped out of the password generator in Mini. Removing number of digits and symbols is an issue. As is the option to avoid ambiguous characters. There also should be an option to avoid repeating characters.

The first password I was updating after installing the update would not allow multiple numbers. No way to avoid it unless I went into the full program to choose number of numbers. Many sites won't accept repeatable characters in a row (that should be an option). Some websites only allow specific symbols, and thus not being able to reduce the number of symbols to 1 makes it impossible to let 1pass generate a password in the mini, since it's virtually impossible to get a password that will contain symbols that are acceptable since the password will contain multiple symbols every time you try a new one.

Also, I thought maybe the mini would retain the last used settings from the main program, when setting the password options using the number of symbols and/or numbers slide. But nope. So no way to limit the number or symbols. But.... that is a temp solution if it did work and the real fix is to put it back in the mini.

I also think that the "+ New Password" wording should be changed to "+Generate New Password". I am very good with computers and I was confused. I also think the drop down needs to be more clear. That maybe should have some text to the right "<-------Click for categories". My parents will never remember or know where to find these things.



Comments

  • Ben

    Hi @imt

    Thanks for taking the time to write in about the changes to the password generator in 7.3. While I don't think it is likely we'll put these options back exactly as we had them we would like to better understand what difficulties folks are having as a result of the changes so we can best evaluate what changes might still be appropriate.

    My colleague jpgoldberg has written a couple of posts on this subject I'd like to direct you to:

    In short we really need to know _specifically_ where things are breaking down. To best evaluate how to move forward to address the issues folks are having it would be incredibly helpful to know:

    • The URL of the site where the problem occurs
    • What about the password the generator created was unacceptable (e.g. "the ! symbol was included in the generated password but the site only accepts @ # $ * _ -")
    • How many attempts it took to generate a password that was accepted

    Thus far very little of this kind of feedback has been provided and without it we're going to have trouble justifying any changes. Thanks for your consideration.

    Ben

  • ag_ana
    1Password Alumni

    Thank you for taking the time to write this feedback! I believe that when Ben asked where things are breaking down, he meant so in technical terms: if you can let us know where the process itself is causing issues, we will be much better equipped to investigate and try to reproduce this. Answering Ben's questions will help us very much in doing so:

    • The URL of the site where the problem occurs
    • What about the password the generator created was unacceptable (e.g. "the ! symbol was included in the generated password but the site only accepts @ # $ * _ -")
    • How many attempts it took to generate a password that was accepted

    Thank you!

  • imt
    Community Member

    I will get back to you on this in regard to specific web sites. The issue of why maybe this isn't on your radar or affecting existing longer term users, which is the larger base, is that adding additional sites is less frequent. An issue with one site might not be that big of a deal. For example, myself since I have updated every password on every site years ago with the old mini.

    But... my frustration comes with helping a new user(s) with starting with new password. Thus, you are trying to change passwords on multiple sites one after the other and then this becomes real frustrating trying to use the mini and can't adjust parameters. Plus I am very skilled with 1Password and the most technical in my family. Getting my parents to use 1Password and getting the premise is hard enough. Having them remember and deal with frustrations with generating passwords and them not working and the added complexity with trying to make things conform is another level. This is a whole other topic on possible improvements of the 1Password experience for non-technical or those whose technical skills have somewhat declined. i.e. learning challenged ;)

    In the 4 or 5 sites I had helped change in the one day, there were two I had issues with. I will see if I can go back to those sites and change password screens to see if I can figure out the specific sites. On one, the issue was a generated password with repeatable characters in a row, i.e. AA in the generated password. The other was a symbols issue in that the symbols generated included symbol(s) which were not allowed. I typically have always set symbols to 1 to help avoid this issue since you can quickly spot the single symbol in a 25 string and quickly regenerate and typically come up with a regenerated password very quickly that then complies. I have on some occasions manually changed the symbol but I avoid doing that. Having like 2-3 symbols in the generated password would lead to at least 1 that does not comply. Maybe if the generated password only contained a single symbol (albeit 1-3 times in that password) then it would be the same as what I am describing, since regenerating will be changing that one symbol.

  • Lars
    1Password Alumni

    @imt - thanks! That's exactly the kind of feedback that will be useful to us -- specific sites, with specific restrictions or requirements that were a problem for the new Strong Password Generator. You can post them here, or if privacy is a concern to you, you're welcome to send them to support@1Password.com and include a link to this thread in your email. :)

  • imt
    Community Member

    Here was one for Chase.com. The special characters were an issue since I kept getting passwords with the invalid special characters.

    Your password can be 8-32 characters long and it must include at least two of these elements:
    At least one letter (upper or lowercase)
    At least one number
    At least one of these special characters: ! # $ % + / = @ ~.

    A few more guidelines:
    It can't be the same as your username or your last 5 passwords.
    It can't include any other special characters (&, <, *, etc.).
    It can't include more than 2 identical letters or numbers (aaa, 111, etc.), and can't include more than 2 sequential letters or numbers (123, abc, etc.).

  • AGAlumB
    1Password Alumni

    @imt: Oh totally. I'm a Chase customer and know just how difficult their system can be to deal with sometimes. ;) However, the old password generator wouldn't help at all in this case. You can easily meet these requirements with the new one:

    At least one letter (upper or lowercase)
    At least one number
    At least one of these special characters: ! # $ % + / = @ ~.
    

    Just have both Symbols and Numbers checked, and 1Password will always include letters too. These are a bit trickier:

    It can't be the same as your username or your last 5 passwords.
    

    But the odds of 1Password randomly choosing your username or previous passwords are astronomical....

    It can't include more than 2 identical letters or numbers (aaa, 111, etc.), and can't include more than 2 sequential letters or numbers (123, abc, etc.).
    

    As would be getting more than two of the same characters in a row. More than two of the same number in a 32 character password is more likely, but still not common, and not really something 1Password can "understand" and act on, nor should it artificially limit entropy by trying to play these games when simply generating a new one will work.

    It can't include any other special characters (&, <, *, etc.).
    

    While you can get some of the other symbols randomly in a password, regenerating it will get you a new one if you get something unacceptable.

    In all of these cases, you'd be in pretty much the same boat with the old generator -- which actually used a few more symbols which aren't allowed. When websites have bizarre password restrictions/requirements, it won't be possible to always get an acceptable one on the first try. But perhaps we can find a way to have 1Password detect this in some cases in the future, if not before the websites themselves start adopting better security/usability practices. There is no reason besides institutional inertia that they can't accept any password and just hash it properly.

  • imt
    Community Member

    I beg to differ on the symbols. This is the issue mostly with sites and what I started the thread about.

    On the old generator in the mini you could limit to 1 symbol. Then less odds of generating a password that doesn’t fit or can easily manually change the one symbol to something else. You could rapid fire refresh since you are looking for only one colored symbol in the list. Now you get a min of 2 and many times 3 for each regeneration. You then have at least one in many cases that doesn’t comply. Trying to look at a 25-30+ string and view and find all and see if they are or are not on the “acceptable” list is not easy. Yes they are a different color but those smaller symbols are not as easily seen when multiple.

  • AGAlumB
    1Password Alumni

    Trying to look at a 25-30+ string and view and find all and see if they are or are not on the “acceptable” list is not easy. Yes they are a different color but those smaller symbols are not as easily seen when multiple.

    @imt: I agree with this completely, which is why I just let the site do the work for me. If it's unacceptable, it says so. No need to do that work yourself. :)

    At the end of the day, you could just as easily get an unacceptable password with the old generator. Believe me, I deal with Chase a lot, with multiple accounts. :joy: And the old generator actually had more symbols they would not accept.

    I just generated 5 passwords in a row, with 3 being acceptable based on that site's criteria; numbers 3 and 4 failed due to *. You won't get identical results, but just as a matter of probability they'll be similar.

    In the future, perhaps we can make a way to specify exclusion. But hopefully we can both agree that arguing about this takes much, much longer than it does to get a suitable password. :)
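
Added example, not part of the thread and not 1Password's code: a Python validator for the Chase rules imt quoted, with a rejection-sampling generator that measures what "just regenerate" and "specify exclusion" each cost in attempts and entropy. Assumptions: the run rules mean consecutive, case-insensitive, ascending characters; the username and password-history rules are skipped; `BROAD` is a generic all-ASCII-punctuation alphabet, not 1Password's actual symbol set.

```python
import math
import secrets
import string

ALNUM = string.ascii_letters + string.digits
CHASE_SPECIALS = "!#$%+/=@~"          # allowed list quoted in the thread
RESTRICTED = ALNUM + CHASE_SPECIALS   # exclusion applied before sampling
BROAD = ALNUM + string.punctuation    # assumption: generic set, not 1Password's


def has_run(pw: str) -> bool:
    """3 consecutive letters/digits identical (aaa) or ascending (abc, 123).
    Assumptions: rule means 'in a row', case-insensitive, ascending only."""
    s = pw.lower()
    for a, b, c in zip(s, s[1:], s[2:]):
        same_or_seq = a == b == c or ord(b) - ord(a) == ord(c) - ord(b) == 1
        if (a + b + c).isalnum() and same_or_seq:
            return True
    return False


def chase_ok(pw: str) -> bool:
    """Site rules from the thread, minus the username/password-history checks."""
    if not 8 <= len(pw) <= 32 or any(ch not in RESTRICTED for ch in pw):
        return False
    classes = (any(c.isalpha() for c in pw), any(c.isdigit() for c in pw),
               any(c in CHASE_SPECIALS for c in pw))
    return sum(classes) >= 2 and not has_run(pw)


def generate(alphabet: str, length: int = 25, max_tries: int = 100_000):
    """Rejection sampling: draw whole passwords uniformly, discard rejects."""
    for attempt in range(1, max_tries + 1):
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if chase_ok(pw):
            return pw, attempt
    raise RuntimeError("no compliant password within max_tries")


def acceptance_rate(alphabet: str, length: int = 25, trials: int = 5000) -> float:
    """Monte Carlo estimate of how often a single draw passes chase_ok."""
    draws = ("".join(secrets.choice(alphabet) for _ in range(length))
             for _ in range(trials))
    return sum(map(chase_ok, draws)) / trials


def entropy_bits(alphabet: str, length: int, rate: float) -> float:
    """log2 of the number of compliant passwords: |alphabet|^length * rate."""
    return length * math.log2(len(alphabet)) + math.log2(rate)
```

Every compliant password is built only from `RESTRICTED`, so both alphabets reach the same compliant set: restricting the alphabet before sampling changes the number of attempts, not the entropy of the accepted password.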

This discussion has been closed.