derivepass / derivepass-vue

DerivePass - PWA/Electron Vue App
https://derivepass.com/

Add some special chars by default in the default characters list #31

Open elboletaire opened 5 years ago

elboletaire commented 5 years ago

Is your feature request related to a problem? Please describe.

Many websites have as minimum requirements that the password must have letters, numbers and a special character in it. Others don't ask for this, but should also allow special characters.

Describe the solution you'd like

I think the ideal solution here is to add some special characters to the allowed chars and also make the password algorithm add at least one special char from the allowed list.

Describe alternatives you've considered

The easy solution would be to just add these special chars to the allowed characters and at least one or two of them to the required characters input; but I don't like this, for evident reasons, and I guess you won't like it either.

That's why I think this should be something done more "magically". If there are special characters in the allowed list, ensure at least one is added to the required chars, but internally, and randomly.

Additional context

The last 6 applications I've added to derivepass required me to add special characters, which forced me to open the password settings page, where we can read that "I do not need to change these settings for most of the websites"... 😅

indutny commented 5 years ago

Should we add those websites to https://github.com/derivepass/derivepass-vue/blob/master/src/presets.js? 😉

elboletaire commented 5 years ago

Do you have any kind of protocol on which websites can be added or not? Or can I add as many websites as I find that require special characters on passwords?

elboletaire commented 5 years ago

BTW, don't you think it would be a good idea to add special characters by default, somehow similar to what I described? Adding fixed characters to the required list is something I don't find very secure (we're forcing all passwords to always have that character). Adding randomness by default and playing with the allowed chars would be a nice move IMHO.

indutny commented 5 years ago

You can add as many websites as you want, just provide a screenshot of the requirements where possible when submitting a PR.

It is actually a bit more secure with extra required characters, because it might add more than one of them. This option practically expands the allowed characters for the password generation, and would use @ as the last char only if it hadn't been emitted before.

Fishrock123 commented 4 years ago

I think we should just add aZ1! to the default required characters. That covers pretty much every website and is trivial to do. I suppose better would be to "require" from ranges, e.g. a-zA-Z0-9[!@#$%^&*] or something. But to do that, things would need to be adjusted so that it doesn't try to require one of each of those, and also fix how the required length is generated from the required characters option.
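A sketch of the "require from ranges" idea discussed in this thread, as an added example that is not derivepass code and was not posted by any participant. The HMAC counter stream, the class lists, and the names `byteStream`, `pickIndex` and `derive` are assumptions made for illustration; it draws from all classes and only restricts the choice when the remaining slots are just enough to cover the classes not yet seen.

```javascript
const crypto = require('node:crypto');

// Constructed character classes (assumption, not derivepass defaults).
const CLASSES = ['abcdefghijklmnopqrstuvwxyz', 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
                 '0123456789', '!@#$%^&*'];

// Deterministic byte stream: HMAC-SHA256 in counter mode over a seed.
// Stand-in (assumption) for whatever key-derivation output an application uses.
function* byteStream(seed) {
  for (let counter = 0; ; counter++) {
    yield* crypto.createHmac('sha256', seed).update(String(counter)).digest();
  }
}

// Uniform index in [0, n) for n <= 256, using rejection sampling so that
// no character is favoured by modulo bias.
function pickIndex(bytes, n) {
  const limit = 256 - (256 % n);
  for (;;) {
    const b = bytes.next().value;
    if (b < limit) return b % n;
  }
}

// Same seed always gives the same password; every class appears at least once.
function derive(seed, length, classes = CLASSES) {
  if (length < classes.length) throw new RangeError('length too short');
  const bytes = byteStream(seed);
  const missing = new Set(classes);
  let out = '';
  while (out.length < length) {
    const remaining = length - out.length;
    // Draw from every class until the remaining slots are only just enough
    // for the classes not yet seen; then draw from the missing classes only.
    const pool = (remaining <= missing.size ? [...missing] : classes).join('');
    const ch = pool[pickIndex(bytes, pool.length)];
    out += ch;
    for (const c of missing) if (c.includes(ch)) missing.delete(c);
  }
  return out;
}
```

No fixed character is forced into a fixed position: a class is only imposed on a trailing slot when the stream has not already produced a member of it.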

elboletaire commented 4 years ago

I've found a lot of sites where I needed to change derivepass settings. As I always forget to write down the sites and their requirements, I'll be adding here screenshots/details/links to sites whose requirements don't fit with derivepass' defaults (with the idea of adding these to derivepass' presets file when we have some of them already noted here).

elboletaire commented 4 years ago

crypto.com/exchange [image]

kraken.com [image]

origin.com [image]

p2pb2b.io [image]

elboletaire commented 4 years ago

To avoid further spamming of subscribed users, I'll be editing the previous comment until we add these sites to derivepass' settings.