Feature request (asked by me many years ago, still waiting):
When I create a password for a site, either a new account or updating password on an existing site, I often have to try multiple times because different sites have different requirements.
What LastPass could do (you can) is to start cataloging the password requirements and limitations for all the different cases you run across.
A site that doesn't allow a password to start with a digit?Need for some certain number of special characters?Limitations on which special characters are allowed?Certain strings of characters are illegal?What is the minimum number of characters?What is the maximum number of characters?
Yes, don't tell me: "There are too many sites out there to remember those!"Well, you are remembering the passwords for as many sites as your customers already use, and the number of sites you have to remember the passwords rules for is a subset of that larger number, so yes, you can remember that many password rules.And to make it easier, once you know the rules of one popular site, those rules are known for all users who use that site.If you have 5 million users who store their Google account passwords, you are only needing to store the password rules once, not 5 million times.
Why would you do it?Because it both speeds up user interaction with a website when creating a new password (don't have to do it multiple times), and a user can opt to use the longest password allowable for those sites that you have in your database.Super easy, barely an inconvenience.
How do you get that data?One way: scrape the password rules prompts from sites as your users encounter them.Process the data and enter it to the database.If it were me, I'd be employing one of the AI systems that exist to read the password rules info from those sites, and have the AI parse it to a standard set of fields for the database.Super-easy scraping.You can keep doing it for a given site just to make sure your database is correct as time goes on.If a user gets runs into password problems on a site, the password generator can have a button to allow the user to indicate the issue.And, if a user generates more than one password for a given site within a short period of time, your backend systems should flag that site to be checked.
Another method: if your encrypted password database allows for it, you can check the lengths of existing passwords for a given site.For instance, if all your users who have Google accounts have passwords between 8 and 64 characters (minimum and maximum), you can infer those as probable limits.This is implied at this point, but is a good way to prime the system with that kind of info.Of course you can't determine the other particulars about user passwords (the string characters themselves), but if the encryption allows for determining lengths of passwords, you then have some useful data.
There will be other clever ways to automate the gathering and updating process.This is totally scalable, which is what you want.
For me, I'd want to have the password generator create a password with a random length within 10% of the maximum password length for a site to a maximum of 64 characters and a minimum of 16.By allowing the password generation to have a random length option based on the site's allowable maximum limit, my password won't have a predictable length that would make the password easier to hack.
If you want to stay ahead in the password utility game, this is a great suggestion that will empower your users to use the the service more, making them more reliant on LastPass.
