This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.
Password Generator needs improvement
It would be nice if the Strong Password Generator would auto-detect the number of characters allowed when first activated:
Several times I've opened it and set the length at 20 characters, then refreshed the password several times until one was displayed that I liked, and when I hit the Fill button was informed that the chosen password was too long. Then I had to start over again.
I usually keep the length set at 20, so when I activate P.G. it should auto-detect the maximum number of characters allowed and lower the setting accordingly, and display a message as to the maximum length allowed.
Also, I want to be able to select or deselect which special characters to allow in my passwords. There are certain characters I want to never appear, and I always have to refresh the password many times until one is generated that does not contain the unwanted characters.
Optionally I can manually delete and replace them with other characters. I have also run across websites that do not allow certain characters in passwords, so if I could deselect them I could generate a successful password much faster and easier.
Several times I've opened it and set the length at 20 characters, then refreshed the password several times until one was displayed that I liked, and when I hit the Fill button was informed that the chosen password was too long. Then I had to start over again.
I usually keep the length set at 20, so when I activate P.G. it should auto-detect the maximum number of characters allowed and lower the setting accordingly, and display a message as to the maximum length allowed.
Also, I want to be able to select or deselect which special characters to allow in my passwords. There are certain characters I want to never appear, and I always have to refresh the password many times until one is generated that does not contain the unwanted characters.
Optionally I can manually delete and replace them with other characters. I have also run across websites that do not allow certain characters in passwords, so if I could deselect them I could generate a successful password much faster and easier.
Flag
0
Comments
-
Hi Rebel,
First of all, I'm really sorry it's taken us so long to get you a response, I'm not entirely sure what happened as we normally try to respond to forum posts within at least 24 hours. In any case, I agree that it would be great if our password generator could detect the number of allowed characters when launched, and I believe we're looking into something along these lines for a future update to our browser extensions.
We've had a number of requests for more customisation of what characters are and aren't used to make up the generated passwords, and this is certainly something we can consider. One thing we have to consider is that by limiting the randomness of the generated passwords there could be a slightly increased risk of these being weaker and therefore easier to 'crack' and obviously this is something we need to take into consideration before adding such a feature.
Sorry I don't have more firm answers for you, but we do appreciate the feedback, so thanks for sending it along.Flag 0 -
It would be useful to me if passwords generated with [b]Advanced Options > Pronounceable[/b] selected could contain uppercase characters that some sites require.Flag 0
-
[quote]I usually keep the length set at 20, so when I activate P.G. it should auto-detect the maximum number of characters allowed and lower the setting accordingly, and display a message as to the maximum length allowed.
[/quote]
Maybe I am going crazy, but I swear this functionality already exists in 1Password for Mac. I don't have an example offhand, but I think that if the length= attribute is set for an input field of type="password" it will do this automatically. Some sites only do a length check via JavaScript or on the server-side, though. This is not supported. There isn't really a way we could support either of those methods.Flag 0 -
[quote name='khad' timestamp='1285615209' post='12149']
Maybe I am going crazy, but I swear this functionality already exists in 1Password for Mac.[/quote]
Its suppose to already be there unless were both in the loony bin.Flag 0 -
[quote name='sjk' timestamp='1285614934' post='12148']
It would be useful to me if passwords generated with [b]Advanced Options > Pronounceable[/b] selected could contain uppercase characters that some sites require.
[/quote]
Try to change your itunes password, It will need an uppercase when before it didnt. I know because I just changed my sons, it was way to weak and just went for the length nope no go needed the upper case.Flag 0 -
[quote name='thightower' timestamp='1285615790' post='12152']
Try to change your itunes password[/quote]
No thanks; I'm satisfied with the current one and …
[quote]It will need an uppercase when before it didnt.[/quote]
… I believe you. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' />
Passwords containing mixed case and/or numbers is an increasingly common requirement.
I prefer including non-alphanumeric characters but have been unable to change passwords containing them by sites switching to not supporting them and rejecting the original as invalid.Flag 0 -
[quote name='sjk' timestamp='1285618106' post='12159']
I prefer including non-alphanumeric characters but have been unable to change passwords containing them by sites switching to not supporting them and rejecting the original as invalid.
[/quote]
I actually have seen this in more common daily activity. The wife has had more and more sites complaining about her passwords (which worked last time she logged in) lately maybe I need to check the PW gen on her end. Thanks for jogging my train of thought about this.Flag 0 -
[quote name='khad' timestamp='1285615209' post='12149']
Maybe I am going crazy, but I swear this functionality already exists in 1Password for Mac.
[/quote]
On second thought maybe this was working somewhat . I mention this as at one point the betas of 1p3 had a bug in which it always defaulted to 50 characters no matter what, it wasnt detecting the length requirement properly. Maybe the idea was shelved because of that.
Maybe one of the other can chime in on this one.Flag 0 -
[quote name='Rebel' timestamp='1285617867' post='12158']
I don't like any form of parentheses [b])[{[/b] in passwords[/quote]
I usually avoid using characters that are hard to differentiate in certain fonts (e.g. zeros/ohs, ones/eyes/ells) if they'll need manual entry.Flag 0 -
[quote name='sjk' timestamp='1285622178' post='12174']
I usually avoid using characters that are hard to differentiate in certain fonts (e.g. zeros/ohs, ones/eyes/ells) if they'll need manual entry.
[/quote]
I do too, but P.G has the option to "avoid ambiguous characters." This eliminates capital I and small l (eyes and ells) as well as 0 and O.Flag 0 -
CafePress uses the "maxlength" attribute on its password fields (not "length" — we regret the error).
[url="https://members.cafepress.com/join.aspx"]Give it a try.[/url]
1Password will automatically shorten the password length when generating a strong password because of this. If you decide to manually bump the slider back up above "maxlength" (in this case 12) characters, you will see the attached message.
Again, this is the only method of determining acceptable password length per site that 1Password supports. Other methods (e.g. JavaScript, server-side) would be impossible to implement from a technical standpoint. We do what we can, it would be nice if web designers simply used standard markup instead of cockamamy shenanigans. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />Flag 0 -
[quote name='stu' timestamp='1285546430' post='12076']
We've had a number of requests for more customisation of what characters are and aren't used to make up the generated passwords, and this is certainly something we can consider. One thing we have to consider is that by limiting the randomness of the generated passwords there could be a slightly increased risk of these being weaker and therefore easier to 'crack' and obviously this is something we need to take into consideration before adding such a feature.
Sorry I don't have more firm answers for you, but we do appreciate the feedback, so thanks for sending it along.
[/quote]
Please add my vote for the ability to exclude certain characters (my choice) from generated passwords. You already have an 'avoid ambiguous characters' option which excludes a couple of alphanumerics, and if the password is long enough I don't think either option will necessarily be less secure. I mean, how is a cracker supposed to guess/know which character to exclude/postpone from their brute force attack? Unless you've posted in this forum that you never use something. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' /> And in that case just bump up the number of characters used including other symbols.
In my case I had a need to not generate @ symbols because it was an ftp password and being used in the URL.
On the other hand your interface for generated passwords in the client is very nice in that I can manually replace one which will then be used when copied/saved.
thanks,
chrisFlag 0