Android-Password-Store
Android-Password-Store copied to clipboard
android-password-store
[FEATURE] Choose password generation type (classic vs XKPasswd) at generation time, not in settings
Is your feature request related to a problem? Please describe.
I want some of my passwords to be passphrases (XKPasswd) and some to be classic alphanumeric passwords. Currently, switching between the two generation methods requires going to settings, which is cumbersome – and if I've already started filling out the rest of the fields (username, password name) before I realize that the current setting is not what I want, I have to start from scratch.
Describe the solution you'd like
There are multiple ways to approach this problem:
- When the "Generate" window is open, show a dropdown menu to choose the type of generator. This could be in place of the window title (e.g. XKpasswd Generator) and be pretty seamless.
- Instead of one "Generate" button that follows the current setting, show two buttons (one for classic, one for XKP). This is easier to implement but less seamless; although there could be a setting to decide whether to show one button (and which) or both.
Describe alternatives you've considered
The two solutions above are just what comes to mind. There might be other/better solutions. I'm not sure if there's any argument to only keep this in the settings menu; perhaps I am the only one to want to use both
Additional context
I would be happy to work on this if it's something that other people want to see as well.
I think this is a reasonable request, but from a UX point of view neither option is that great IMO. Password generation has enough user-configurable knobs already, and throwing in another password generator option adds needless complexity for users who don't particularly care for it (myself included). I'm sympathetic to the feature request itself but there's fairly low demand for this and no good way to implement it without getting in the way of the majority who don't need it.
I've experienced a couple of instances wherein I would have preferred the ability to easily shift between different password generator types. However, its imperative to discern why.
For me, the new Diceware seemed great. The ability to have easily pronounceable phrases as passwords gives me the ability to type them out on a third system by either memorizing them or reading them out from the phone. However, the inability to use Diceware stems from a different issue - non-relevant to this discussion. Perhaps I'll link it here after I've posted a feature request.
With that in mind, I'd focus energy on improving Diceware interface on APS such that the requirement to switch between algorithms doesn't arise to begin with. However, @pinusc if you're still around; Could you explain what use cases would warrant this feature?
I can probably think of one based on my workflows but eager to hear yours.
In my workflow, it mostly depends on the context I expect to use my password in.
- Passphrases (diceware/xkcdpass) are great for passwords that I would sometimes have to type, possibly from memory, on a physical pc keyboard. For example, my university login was a diceware password, because I'd have to login on random classroom PC sometimes and I could do that easily
- If, however, I am expecting to type that password on a dumber device, like my dumbphone, (and security is not a concern) then I'd like it to be short (10 characters)
- Some passwords, e.g. on stupid banking portals, cannot exceed a certain (short) character length. This makes passphrases insecure; and they require symbols/numbers anyway, which do not make sense to me in a passphrase. So a 20-character alphanumeric+symbol random string works perfectly fine; especially because I expect my password manager to always be there to type it/copy it for me
Basically, it boils down to the fact that passphrases exist because sometimes passwords have to be typed or remembered outside of the manager. I want them in those cases; usually I'm fine with having everything be a passphrase, but there are some cases where a very short password is desirable to me, and then I am forced to switch to normal generation.
By the way, for comparison, KeepassXC does allow both generations. Screenshots below of the PC interface. The android app also allows switching between password and passphrase at generation time, but it does not allow screenshots.
From a UI/UX standpoint, I think they get it right; the android version (KeepassDX) has "tabs" at the bottom of the password generation interface to switch between password and passphrase. I think this is perfect, and much better than my earlier proposal for a dropdown or separate button. It's clear, it's unintrusive, and if you're not looking for it it's easy to ignore it. I wish I could easily provide a screenshot...
On a separate note, I also think the naming matters, and they got it right by calling it passphrase, which is correct, descriptive, and independent of the underlying generation. Keepass uses the EFF large wordlist by default, which is arguably a minor improvement over diceware/xkpass; in fact, calling it a "passphrase generator" would allow this app to easily switch sources, or even to let the user define their own wordlist, without then being a misnomer. It is also intuitive for users, who might not be familiar with xkcd or diceware...
Interesting. I resonate with a lot of what you write above. There are a few instances when I would prefer to use a passphrase simply because pasting from a clipboard is disabled on those websites and I see the value in this feature. From a demand perspective, we could only take cues from our own experience as opposed to looking at a feature request since there is none.
I'd be interested to implement this; Some assistance from a UI perspective is required. Unsure how latter is fulfilled on opensource projects.