Chat support available. Click the chat icon on the bottom right corner to start chatting with us right away!

mSecure Support

Knowledge Base Forums Submit a ticket

mSecure 6 Password Generator

Msecure 5 provided more options of characters, such as all lower case, or all uppercase. In version 6 if you select letters you get both upper and lower case. I like having more options which were available in previous versions. Hopefully at sometime this option can be included.

2 people like this idea

In addition to the issue raised by Steve, MSecure6 no longer persists the password generator settings. Having to reset these settings for every new password is time consuming a definite step backwards.


Likes with MSecure6:

- Ability to specify/exclude special characters is valuable to prevent hard-to-distinguish special characters


Dislikes:

- Having to reset the password parameters for every new password; removed settings persistence

- Removing ability to exclude upper/lower case


Wish List:

- The overall ability to filter out look-alike characters such as: 


l1| (lower el, one, pipe)

0O (zero, cap oh)

 `' (ticks, apostrophe)

,. (comma, period)

_- (underscore, hyphen)

:; (colon, semicolon)

Probably more I'm not thinking of....


Hi Everyone,

The settings for the password generator are actually supposed to be saved for each record, so I think you have found a bug. Can you let me know what platforms you are running mSecure on? If you are using mSecure 6 on multiple devices, are the settings lost on all platforms after a record is saved?


For the ability to include/exclude upper and lowercase letters, can you give some reasons for why that's needed? It's not that I don't believe it's needed, it's just that we like to have reasons and user stories before we make changes, as it provides understanding for why a certain feature exists. Are there websites you are running into that don't allow upper or lowercase letters? One of the reasons that features removed is because a password is always much stronger when upper and lowercase letters are included.

Lookalike characters I agree with. I agree Mike from mSecure that upper and lowercase is more secure password by itself. I think the reason I'd deliberately exclude uppercase is when I'm reasonably certain that I'm going to have to type this new password into a TV or some other silly input method. (Bearing in  mind the security of the account itself of course.)

Re: non-persist settings

I think that I (Mike) and Mike-msecure are talking about two slightly different issues.

The issue of non-persistence is seen on my Pixel5/android 12/SP2A.220305.012; msecure6 build 1604

I do sync with another Android; I only have one example at hand but the password generation settings, for a particular record, DO move with that record to a new device with the record. I think this is the behavior Mike-msecure expects.


However as I recall on msecure5 the password settings would persist across all new records on the same device. E.g. If I set 12 chars/upper only, then this would be the default setting each time I created a new record. I think this is different than what Mike-msecure is describing  as saved per each record to persist acrossed platforms. The value here is that I have a password complexity setting that I am comfortable with for default new passwords. Especially with the new feature of symbol-inclusion/exclusion, entering the included/excluded symbols as part of creating each new record is not reasonable.


Re: upper/lower selection

I understand and agree that upper/lower creates more permutations of a given length password, and that it is good conventional wisdom for the typical user*. TV input is a good example to go all caps/lower. I had other cases where I choose to increase password length, and remove lowers also due to the input method. But this happens while thinking about risk tradeoffs.


*Perhaps pop up a "this setting has the potential to reduce password security, are you sure you want to continue?" would cover a larger user base.  Or hiding them under an additional layer of "advanced options". I think the statement above that a password is "always much stronger" with upper/lower at the generator side is generally good advice (cheap insurance) but overly broad.

Thank you for the input on this one everyone. I will talk to our development team to see what they want to do about separating upper/lowercase letter options in the password generator.


@Mike Thank you very much for the clarification. You hit the nail on the head. I was thinking the settings weren't getting saved on each record, which would be a bug. I don't think we intentionally removed the remembering of the last generated password settings, but that is definitely gone. I'll get that written up so it will be back in the app.


Login or Signup to post a comment