Human-readable passwords w/o compromising security entirely

Tell us what features would make LastPass even better and vote for features that are most important to you

Moderators: admin, anatoly_LP, chantieLP, JoeSiegrist, robyn

Human-readable passwords w/o compromising security entirely

Postby nawfalhasan » Wed May 25, 2016 2:46 am

Hi LastPass, congrats on a wonderful product.

I would love to have a feature were we can opt for a human-readable password instead of completely gibberish characters. This is need not come at the cost of security entirely. By human-readable I dont mean human-familiar terms like Cindrella86!, but something more readable yet completely random. Inserting a couple of vowels in between will do. This is what Google captcha's do, so it's easier for user to type. Something like:

    crokenpoo7!
    jimbr#olerol
    troypppernam@b
    $zyakularo^6

I am making shit up. But you get the idea. Rather than:

    sdflkj45k6%Sh
    ertrhgjt^^3^^@sd
    tydfsfdkj45*

Because human-readable will give a sense of familiarity when you see your password. One more feature request to go along with it:

By default every major host these days require our password to be have one lowercase, one upper case, one numeric and one special character. Lastpass's default password generation doesn't take care of this, ie, specifically it doesnt insert a special character. Now there is an option to choose special characters while generation random password, but then it inserts multiple special characters and make password completely illegible. I would like to have it insert just one special character, or two at most.This feature will go well with human-readability as I mentioned above. So, something like

    kamvuert!@p

instead of:
    2c%AA4^^qjzjr!!

Algorithm behind it should be a fun exercise for engineering team in your company ;) Of course this can be completely optional, let users choose.
nawfalhasan
 
Posts: 4
Joined: Wed May 25, 2016 2:22 am

Re: Human-readable passwords w/o compromising security entir

Postby nawfalhasan » Wed May 25, 2016 11:43 pm

Nobody seem this interesting? :(
nawfalhasan
 
Posts: 4
Joined: Wed May 25, 2016 2:22 am

Re: Human-readable passwords w/o compromising security entir

Postby mike808137 » Thu May 26, 2016 3:53 pm

Nope. Because the point of LastPass is to make it so that you don't care about "human-readable" passwords. Make them all lengthy strings characters of unreadable random gibberish, and you shouldn't care one bit with LastPass. That's its job to remember that gobbledygook so that you don't have to.
mike808137
 
Posts: 266
Joined: Tue Feb 24, 2015 12:04 pm

Re: Human-readable passwords w/o compromising security entir

Postby nawfalhasan » Fri May 27, 2016 2:50 pm

Thanks Mike for replying. It's not about remembering or memorizing the password. It is to get a sense of familiarity when you see it once in a while. Anyway, good to know.
nawfalhasan
 
Posts: 4
Joined: Wed May 25, 2016 2:22 am

Re: Human-readable passwords w/o compromising security entir

Postby mike808137 » Sat May 28, 2016 5:10 pm

You're welcome. Usually "human-readable" or even "familiar" makes the size of the possible passwords smaller, which means less cracking time for anyone interested in your password. Particularly key ones like your email and banking accounts. People are really bad at picking "random" passwords. Computers are really good at it.

The only password that really matters, with LastPass, is your master password. That should be a strong phrase, but not too long because LastPass still doesn't understand the difference between administrating and managing your vault and passwords from using and accessing them. Security wise, they are very, very different things. But, alas, we do not have such enlightened folks in LastPass decision-making.

For example, I want a second PIN/password for using a password (i.e. a high-value/sensitive one like my bank account and credit cards) that's different than the one I use to remove or change a password or even to load the vault. If the bad guys know the password to load your vault, they certainly know it to enter it again when they go into your bank accounts. it has zero security value. Anyway, the only passwords I care about are my master passphrase and my list of backup recovery passwords - not just for LastPass, but for my email and bank accounts.

I also backup my vault and export it to a separate thumb drive with a TrueCrypt drive using a different passphrase for offline safekeeping if I get hit by the proverbial bus.
mike808137
 
Posts: 266
Joined: Tue Feb 24, 2015 12:04 pm

Re: Human-readable passwords w/o compromising security entir

Postby nawfalhasan » Sat May 28, 2016 8:16 pm

Ok. I was thinking it could be an option, not the default. Anyway thanks.
nawfalhasan
 
Posts: 4
Joined: Wed May 25, 2016 2:22 am

Re: Human-readable passwords w/o compromising security entir

Postby LAW » Sat Dec 29, 2018 2:39 pm

I'd like to see a feature added to the password generator to limit the number of characters as shown in a 3 column list like the one below.

Check_Box Char_Type Max_Allowed
[y/n] A-z . 0->N
[y/n] a-z . 0->N
[y/n] 0-9 . 0->N
[y/n] !%@# 0->N


    [y/n] A-z . 0->N
    ]
    [2]


You already have the ability to limit the number of numeric characters. Why not extend that to in the other three categories? Combining this feature to be mixed in with the "Make pronounceable" feature would be a plus. All you would have to do is extend the "Make Pronounceable" algorithm to insert or substitute the added characters.

Thanks.
LAW
 
Posts: 1
Joined: Sat Dec 29, 2018 2:06 pm

Re: Human-readable passwords w/o compromising security entir

Postby HelloMom » Wed Jan 16, 2019 2:45 pm

I would like a word generator for dictation-friendly passwords. Generate a string of words like "correctbatteryhorsestapler" and append a letter or symbol at the end if those checkboxes are ticked. Four words would give the password an astronomical amount of entropy while making it easy to type on a phone touchscreen or dictate over the phone.

https://xkcd.com/936/
HelloMom
 
Posts: 2
Joined: Wed Jan 16, 2019 2:33 pm


Return to Feature Requests

Who is online

Users browsing this forum: No registered users and 18 guests