Feature Request: custom template(s) for proposed new password

Hi @iOSMacPCUser

Thanks for the suggestion. The password generator is an area that we are currently evaluating and hope to make more uniform going forward.

Ben

Hi @Authority

Just tonight, I opened a new back account and the special characters accepted by the banking login were limited to a subset of what 1Password uses to generate passwords. I kept regenerating the password, hoping one would eventually meet the requirements of the bank, but it never did.

This is a struggle that we're aware of. In an effort to combat password re-use some banks have intentionally limited allowable special characters to a subset that typically isn't allowed elsewhere.

I had to use another password generator where I could specify exactly which special characters I wanted to be available.

Perhaps this will have to be the answer for us as well. I'll be happy to share the thought with our security team for further consideration. I know they've done a lot of behind the scenes work on the password generator in the last few months, so we may see some relief here soon.

Even better would be to make it part of the password entry itself. Not every login system is going to accept the same special characters and I'm certainly not going to remember which special characters I can use for each system when the time comes to rotate the password. Having to twiddle the password generator settings each time would not be particularly fun. I should just be able to set the password policy one time and then every password I generate -- for that login -- should meet the requirements for that system.

We've discussed that idea. I don't think it has been completely ruled out, but there is a lot of hesitation, for two reasons:

1. There is nothing saying that the allowable characters will remain the same. Remembering them could do as much harm as it does good. Particularly in the event that a system is updated to allow more characters limiting them in that circumstance would be a downgrade in security.
2. No standard exists for conveying what characters will be accepted in a password. Many systems won't even show this information until you've tried to set a password using characters that are not accepted. Ideally there would be a standard defined such that this information would be available to password managers and we could act on it accordingly.

I don't know if such a limitation is technical or UI related -- I suspect both.

I don't think it is so much a technical limitation. Under the hood the password generator has an enormous amount of capability. Only a fraction of that is exposed. That's intentional. It is always going to be a balancing act.

If you need some UI inspiration, maybe check out how Password Safe (pwsafe.org) implemented this feature. I always found it both effective and easy to use.

Thanks for the tip. :+1:

Ben

Hi @cmroanirgo,

While that is a very interesting thought, the work involved in creating such a feature compared with the percentage of 1Password users that would benefit seems to be significantly askew. Our current focus is on making 1Password more accessible to a broader audience, and focusing development efforts on such a feature would take focus off of that goal. That isn't to say that those priorities won't shift in the future, so perhaps it would be worth revisiting this down the line, but I imagine there may be other concerns with this approach as well.

Ben