Getting Qualified Passwords for Costco.com

Password requirements of the website(Costco.com)

  • Use between 8 and 16 characters.

  • Include at least one lowercase (a-z) and one uppercase letter (A-Z).

  • Include at least one special character (e.g. !@#$&) .i.e., any symbol above the 0-9 keys.

  • Does not contain blank spaces or the following special characters: < >

  • Include at least one digit (0-9)

Each password manager gets ten stars at the beginning and has ten times to generate suitable passwords. They will lose one star for one unqualified password, two stars for two unqualified passwords, and so on. They might also lose extra stars due to its inconvenient setting.

Setting process of each password managers

Bitwarden: 8 stars

It lost 2 stars (2 stars for its unfriendly setting).

  • Annoying to drag the thumb of the seekbar (lost 1 star here)

    It was annoying to drag the thumb of the seekbar to 12 exactly.

  • Need to check passwords carefully (lost 1 star here)

    Users couldn’t forbid using the specific character(< >). And thus, it was necessary to check the passwords carefully to know whether they suit the website.

Then we made the password managers allow for special characters. Luckily, the special characters provided by Bitwarden were the same as the ones required by the website. So, there were ten qualified passwords.

Enpass: 8 stars

It lost 2 stars ( 2 stars for its unfriendly setting).

  • Annoying to drag the thumb of the seekbar (lost 1 star here)

    It was annoying to drag the thumb of the seekbar to the 12 exactly.

  • Inconvenient to enter the specific special symbols(lost 1 star here)

    To meet the website requirements, we included valid symbols listed by the website(see the screenshot below) and got 10 suitable passwords. But it was inconvenient for us to type the specific symbols by themselves.

  • Inconvenient to save an account quickly with nine steps (lose 1 star here).

It got ten qualified passwords.

LastPass: 7 stars

It lost 3 stars (3 stars for its unfriendly setting).

  • Annoying to drag the thumb of the seeker bar(lost 1 star here)

    Users first needed to change the password length to 12.

  • Check passwords carefully (lost 1 star here)

    Because we can only see three special characters on the password generator page, we needed to check special characters in passwords carefully to know whether they are suitable for the website.

  • Inconvenient to save an account quickly with ten steps (lose 1 star here).

To our surprise, there were ten qualified passwords.

KeePassium: 7 stars

It lost 3 stars (for its unfriendly setting).

  • Need to change the mode from “Basic” to “Expert”(lost 1 star here)

    Otherwise users couldn’t change the passwords options.

  • Annoying to drag the thumb of the seeker bar(lost 1 star here)

    Users first needed to change the password length to 12.

  • Time-consuming to type the specific characters(lost 1 star here)

    KeePassium allowed users to include specific characters by entering the characters. It took more time to type the specific characters. Because users needed to click the box “required” and then typed the specific special characters (see video below). Therefore it lost 1 star here.

It got ten qualified passwords.

KeePass DX: 7 stars

It lost 3 stars (for its unfriendly setting).

  • Typing the excluded characters into the box of ignore characters (lost 1 star here)

  • Choosing “at least one character from each” (lost 1star here)

    Users needed to choose the option of “at least one character from each”; otherwise, it might fail to create qualified passwords even having selected the appropriate options.

  • Making the passwords readable(lost 1 star here)

    Users could not read the passwords if they forgot to tape an eye icon near the password. The passwords were shown in dots by default.

KeePass XC: 7 stars

The same situation (in KeePass DX) can be seen in KeePass XC, so it also lost 3 stars for these unfriendly settings.

Zero password manager: 10 stars

Zero password manager allowed users to easily choose specific characters by clicking the character. We cleared all the default special characters and chose one or two valid characters. By doing this, we got qualified passwords everytime.