More configuration options for password generator

[dfyx]

When generating a new password locally, there are options for numbers and special characters. The old owncloud plugin also had checkboxes for uppercase and lowercase characters and a setting for the password length (which is especially important because unfortunately there are still some websites which a maximum password length).

[marius-wieschollek]

Currently, you can set the strength of a passwords in the settings. The minimum length can vary but it will never go below 12 characters. In a future release, improvements will be done in the password creation dialog which allow you to set the strength right there. I can not help you with the uppercase/lowercase option. Except for the random characters service, all password creation services will always contain lowercase and uppercase characters.

[dfyx]

The random characters service is what I meant.

[marius-wieschollek]

It would probably make sense to check the output of that generator more precisely.

[msberends]

Except for the random characters service, all password creation services will always contain lowercase and uppercase characters.

That is of course how you transform the output with your code. My ISP demands lowercase only for the password of my online account at their website. Yes, that’s horrible and will hopefully change soon. But my point is, we as users sometimes need this. I would like this option too. Why limit users in such a simple JS possibility?

[kidmock]

I'm constantly running into issues where different sites have different requirements for passwords. For example, 1 site I use has this restriction that it must contain special characters from the following:

~ ! @ # $ % ^ ( ) _ + = { } | [ ] : ” ? , . / )

However, I can see how to include or characters in the set and I always get a euro € which really sucks because I'm in the US and it's not on even on my keyboard. :)

[dfyx]

One thing I've noticed is that the generator often includes non-ASCII characters such as äöü which many sites don't allow to prevent encoding issues. It would be really useful to be able to remove those.

[politas]

One thing I've noticed is that the generator often includes non-ASCII characters such as äöü which many sites don't allow to prevent encoding issues. It would be really useful to be able to remove those.

I'm finding this too, particularly on the Euro symbol, which seems to come up a lot. Can we get an option to use only ASCII characters?

[logancarlile97]

I am having the same issue with some sites. It would be nice to be able to give constraints on what symbols are used for password generation.

[robermad1986]

A bit sad almost nothing has changed since this ticket was opened in 2018. Is it not possible to set up some option so we can specify what special characters and symbols we want to be used on the generator? In my case, I have many problems when I activate symbols and it's sad to have to deactivate them when the password allows basic symbols.

Thanks for the good work!

[dfyx]

Same here, I'm still struggling with this. Even the old passwords plugin for OwnCloud had those options. I frequently have to copy generated passwords into a text editor and remove certain characters or shorten the password overall. Sure, that makes the password weaker but that isn't my decision. No matter how much I want super strong passwords, I can hardly tell Microsoft that their policy for MS Teams is crap. A password manager has to adapt to the reality of the applications the passwords are used for, not the other way round.

[politas]

I've just turned off special characters and add them manually when a website demands them. Otherwise, I get a non-ascii character (usually the Euro symbol) almost every time.

[jficz]

Ideally there should be a user-definable list of symbols which the generator will use.

But we don't live in an ideal world so as a quick fix the generator should only use ASCII-7 symbols. Especially the € symbol comes up _way too much_often. Like 4 in 5 instances.

Until then the "special symbol" feature is basically useless as it breaks many use-cases in an unpredictable way - for instance a company openvpn portal happily alllows you to use € in your password but is then unable to verify such password and fails silently ("wrong password").

[politas]

I would also appreciate an option to have just entirely random passwords, rather than the adjusted words. I rarely find it any easier to type in a password in the rare occasions when I have to do that, and it is a simple fact that such programmatically generated character replacements are used by automated password crackers. I'd much rather have passwords like "Hf6s)ng#jgdkHU7Kdf4%^ns;KSifj" than "Th3sIsJuN!perVic7ory".

But please, please, please, can we have an ascii only option, which should be the default? Those damn Euro symbols are unusable. How many people have to complain about this to get what ought to be a fairly simple change?

[K4r0qtuYNE5G4qgZ]

I just now stumbled over the Passwords App and my first thought was, I need more random Passwords.

I currently use my own coded Generator and it creates Passwords like:

(Numeric only Lenght:64) 1150872319849421587622224853285160668101358708756006177785916085

(LowerCase only Lenght:64) wbqlwdaeayvbhfyvbhjorxehqpvimzqeuklaabmfbgtargtwfaxplxsvzrgocael

(Alpha-Numeric-DivCase Lenght:64) dwBj4Ro2mzJ37cz75wsORI98qQV933y7d9554d5P3Sq33vYVvf6dYb3OJBm96P84

(Safe Special Symbols + Alpha-Numeric-DivCase Lenght:64) l6H~T]Em~[o=!@N@_"^[`vH;3}!8<~KK:]<%{}&T=[[|p@&e{;VG}j@|uzH5T}

(Alpha-DivCase Lenght:64) jYBeQuoSuROQlEHaYaPCJJAPevTwvcztIEBPXCecrPqOcLvWutkqyvoMzZTNmLWa

(Alpha-Numeric-DivCase + Safe Special Symbols Lenght:64) B4B$0o5FwG+zoHvzX%k6fP1H9ViqyKU1Y817@otiuHp8Q8S2w#Wpx85e6~95uk8l

It's what I also want in the Passwords App, fully random Passwords, and not combined existing words with a few numbers and special characters. I don't have to remember the passwords, that's exactly the point.

[Be-Mann]

I would also like to have more options, for example, for everyone as it is now, and simply additional advanced settings that can be activated if needed. I find the settings options in Keepass much better. There, you can configure which ones you would prefer. But it would already be enough to start with being able to disable '€äüö' or other characters.