Password Generator: need ability to restrict the special characters

So many of the websites I use limit the special characters that can be used, so 1password's generator almost always falls afoul of those requirements. LastPass has a field to past the special characters to limit what can be used. It's probably the feature I miss most from LastPass.

Please let me know if I'm missing something in the generator settings, but the generator seems too basic. I would love to be able to copy-paste the list of permitted and/or forbidden special characters which are always provided by the site when updating a password.

Using Windows 10, Android, Firefox, and Chrome.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Yulka1355
    Yulka1355
    Community Member

    Hi @BalkyBlip,

    You didn't mention which extension of 1Password you're using, so here's how you can generate your own password in the 1Password X extension and in the 1Password 7 companion extension.

    In 1Password X click and select Password Generator. There you will have the option to manually change the recipe of the password that you generate. It would look like this:

    After clicking in the companion extension, it would look like this:

  • Hi guys,

    @BalkyBlip in addition to what Yulka1355 mentioned, you can edit the new password itself to insert or remove special characters and once you do that, you can hit Copy or Fill to insert the new password.

    At the moment, we do not plan to add more settings to the password generator to restrict or filter out certain characters.

  • BalkyBlip
    BalkyBlip
    Community Member

    That's disappointing since this occurs on a lot of sites. Having to hunt through a long password for offending special characters is annoying and adding in non-offending one makes it a bit less random/secure.

  • Greg
    Greg
    1Password Alumni

    Hi @BalkyBlip,

    Restricting characters in a password generator will reduce the strength of the randomly generated passwords and we don't want to do that. I also notice more and more websites adopting better security practices with regard to password acceptance and storage, but my personal experience may be different.

    Please let us know if you have additional questions, we are always ready to help. Thank you!

    Cheers,
    Greg

  • BalkyBlip
    BalkyBlip
    Community Member

    I'm not the one restricting the characters, it's the company websites that limit them. These are often companies I really want a strong password for: financial, HR related, insurance, medical, etc. I would think that being able to randomly generate a password from a reduced list that the company allows is more secure than generating a password without special characters and then me choosing one myself to meet the one-of-each requirement.

  • At this point, @BalkyBlip, the generator in 1Password X and I believe now 1Password for Android (though I'm not totally certain of that off the top of my head) actually do restrict the allowed symbols somewhat. The goal there is rather like what you described earlier – to allow you to generate a password from a more limited character set that's more likely to be accepted by the site but still as random as we can make it. This thread discusses 1Password for Mac specifically, but the generator itself is the same one you see in 1Password X today so Jeff Goldberg's comments there apply equally for 1Password X on Windows. As Jeff mentions there, this is the first step towards a larger goal so I'm not arguing this is perfect, but I hope it helps to explain why we chose the path we did and would encourage you to share your thoughts there if you find a bulk of sites where this isn't working as well as we'd like.

    Now, with that said, 1Password for Windows' companion extension doesn't have this new generator yet. There, I'd expect more trouble with picky sites. If it's the companion extension giving you trouble, I'd suggest trying 1Password X, if that's an option, and seeing it works better for you. And, of course, I sincerely hope we'll have the new generator on Windows in a future update as well. :chuffed:

  • zebdro
    zebdro
    Community Member

    Idea💡

    Let me know if this is flawed.

    Could 1Password maintain a db of password requirements for each and every site reported by users, and automatically adjust the password generator to adhere to that site's requirements.

    So if I go to some state tax website with weird pw requirements, 1P already knows this and generates passwords that meet the requirements.

    Possible?

    Smart?

    Thanks for reading.

  • Possible? Technically yes, @zebdro. But practical? Generally not. I don't think anyone would suggest we do this for all sites by any means (the internet is a big place), but there isn't currently any convention for exposing password requirements at all. This means even doing just the most popular sites (and making sure they stay updated) is quite a lot of manual work. The calculus would probably change dramatically were there a way to automate such a list and there are some interesting ideas that have been put forth to do just that, but as it stands such a feature would be very limited to the point where the value seems rather negligible compared the work required.

    Despite this, I'd absolutely love to see it happen, though, and I'm certain I'm not alone. I've got my fingers crossed one of the proposed schemes for uniformly and openly sharing password requirements via some code on the site itself gets traction and we'll have some better tools to work a bit more magic like this down the road. :+1:

This discussion has been closed.