Getting Qualified Passwords for AOK

Password requirements of the website(AOK (German Health Insurance)
  • Length between 8 and 14 characters

  • At least one letter, one number and one special character Special characters are: !@$%/=?`+@#_.;:{}|

  • The password must not start with ? or !.

  • The password must not include the username.

  • The password must not be the same as any of your previous passwords

Each password manager gets ten stars at the beginning and has ten times to generate suitable passwords. They will lose one star for one unqualified password, two stars for two unqualified passwords, and so on. They might also lose extra stars due to its inconvenient setting.

Setting process of each password managers

Bitwarden: 4 stars

It lost 4 stars (5 stars for 5 failures and 1 star for its unfriendly setting).

When generating passwords, users first needed to change the password length to 12. Honestly, it was annoying to drag the thumb of the seekbar to the exact numbers( that’s why it lost 1 star).

Then we made the password managers allow for special characters. However, users couldn’t forbid using some specific character(like !, ? ^) as the beginning of the passwords or the components of the passwords. As a result, there were five failures in generating suitable passwords.

Enpass: 7 stars

It lost 3 stars ( 3 stars for its unfriendly setting).

  • Users first needed to change the password length to 12 by dragging the thumb of the seekbar (annoying, lose 1 star here).

  • Too many steps to generate suitable passwords (lost 1 star here)

    Tap ”+” and “passwords”, then enter the login name, choose the field type and enter the URL. Next, go back to the adding page, begin to generate a password, and choose a suitable password. Finally, save the passwords.

  • Inconvenient to type the specific characters

    After clicking more options, users can exclude/include some specific characters ( !@#$%^&*…). To meet the website requirements, we typed one symbol(@) suited for the website(see screenshot below) and got 10 suitable passwords. But it is inconvenient for users to type the specific symbols by themselves (lost 1 star here).

LastPass: 4 stars

It lost 6 stars (3 stars for 3 failures and 3 stars for its unfriendly setting).

  • Annoying to drag the thumb of the seeker bar(lost 1 star here)

    Users first needed to change the password length to 12.

  • Inconvenient to save an account quickly for ten steps (lose 1 star here). First tap ”add”, “passwords”, “add new passwords”, “name “, then click passwords and open the generating password page, next generate passwords, next tap “done” , “use this password”, and finally “save” it.

  • Check passwords carefully (lost 1 star here)

    Because we can only see three special characters on the password generator page, we needed to check special characters in passwords carefully to know whether they are suitable for the website.

It either did not allow users to choose some specific character listed by the website, resulting in three failures in generating suitable passwords (like passwords in the picture below having the symbol(*)) .


KeePassium: 7 stars

It lost 3 stars (for its unfriendly setting).

  • Need to change the mode from “Basic” to “Expert”(lost 1 star here)

    Otherwise users couldn’t change the passwords options.

  • Annoying to drag the thumb of the seeker bar(lost 1 star here)

    Users first needed to change the password length to 12.

  • Time-consuming to type the specific characters(lost 1 star here)

    KeePassium allowed users to exclude specific characters by entering the characters. It takes more time to type the specific characters. Because users needed to turn off the choice of special characters, clicked the box “required” and then typed the specific special characters (see video below). It is uneasy to type the specific special characters in person. Therefore it lost 1 star for these unfriendly settings.

KeePass DX: 7 stars

It lost 3 stars (for its unfriendly setting).

  • Typing the excluded characters into the box of ignore characters (lost 1 star here)

  • Choosing “at least one character from each” (lost 1 star here)

    Users needed to choose the option of “at least one character from each”; otherwise, it might fail to create qualified passwords even having selected the appropriate options.

  • Making the passwords readable(lost 1 star here)

    Users could not read the passwords if they forgot to tape an eye icon near the password. The passwords were shown in dots by default.

KeePass XC: 7 stars

It lost 3 stars (for its unfriendly setting).

The same situation (in KeePass DX) can be seen in KeePass XC, so it also lost 3 stars for these unfriendly settings.

Zero password manager: 10 stars

It got 10 stars.

Unlike previous password managers, Zero password manager allowed users to easily choose specific characters by clicking the character. We cleared all the default special characters to have suitable passwords and then chose one or two required characters. By doing this, no passwords began with ! or ?, which increased the success rate.