1Password X Suggesting Weaker Passwords

When creating a new account or changing a password, 1Password X suggests a password that is weaker than the generator usually gives. Picture below details a suggestion that is only 13 characters long.

How can I make the suggested passwords more complex or longer by default?


1Password Version: Not Provided
Extension Version: 1.18.6
OS Version: Windows 10 Pro 1909
Sync Type: Not Provided
Referrer: forum-search:1Password X Weak Suggestion

Comments

  • kaitlyn
    kaitlyn
    1Password Alumni

    Hey there @voxelsprite!

    Thanks for bringing up this change. We were occasionally coming across websites that didn't allow the previous 20 character suggested password. Your screenshot is a great example – you're asked to enter a password between 8 and 16 characters. Previously, the suggested password was 20 characters, which would have been rejected by the site in your screenshot. We altered the recipe to give you a strong, unique password that fits a larger majority of password restrictions. That said, you always have the option of generating a password with custom rules in the 1Password X pop-up. You can do that by clicking the 1Password icon on your browser toolbar, then click the + button, then click Password Generator.

    I hope that clears things up, and I'd be happy to answer any other questions you have.

  • charlieholder
    charlieholder
    Community Member

    Commenting to share I had the same problem.

    That said, you always have the option of generating a password with custom rules in the 1Password X pop-up. You can do that by clicking the 1Password icon on your browser toolbar, then click the + button, then click Password Generator.

    This helped so much. I'm not sure why, but I forget I can click the icon in the toolbar.

    I would vote for the ability for me to decide what my default password generation rules are for the browser extension. I would rather the default be what my preferences are and adjust down for the site instead of starting with something less and then adjusting up when possible.

  • kaitlyn
    kaitlyn
    1Password Alumni

    @charlieholder – I'm glad to hear that helped you out! I'll pass your feedback along in regards to making the inline suggested password customizable.

    ref: dev/core/core#352

  • mdm
    mdm
    Community Member

    Same problem here and +1 for the feature request. I wonder would it be more intuitive if the extension inherited the same password complexity settings as the desktop app? That's why I ended up here on this thread, I wasn't sure why the suggested password wasn't adhering to the rules I set in the desktop app.

  • Thanks for the +1, @mdm! I've gone ahead and added you to the list.

    Please remember that although the suggested passwords are shorter, they do comply with our entropy and complexity algorithms and are still considered strong passwords. The option to edit the suggested password recipe is still being discussed, though. Hopefully the password generator in the pop-up will suffice for creating custom passwords in the meantime!

  • SPctaylor
    SPctaylor
    Community Member

    +1 for this feature. Even though the suggested passwords are shorter and comply with your entropy and complexity algorithms, they do not comply with my companies standard. So there are systems we enforce password rules on, and 1password x doesn't comply with any of them. This makes password resets clunky and/or painful for for our employees across these multiple systems. So every 90 days there's a burst in password resets from various users. Unfortunately training the people hasn't been working with this

  • ag_ana
    ag_ana
    1Password Alumni

    Thank you for the feedback as well @SPctaylor :+1: :)

  • alextran
    alextran
    Community Member

    +1 for being able to customize the suggested password generator. the thing i love about 1P is how quickly and easily i can generate/save logins.

    but as it stands now, using a different password recipe for the suggested password generator causes more work for each saved login because i have to manually override it.

  • Thanks @alextran. :)

    Ben

This discussion has been closed.