Some of my logins show a "terrible" rating, but they're similar to those rated higher.

AllofusAllofus
edited August 12 in Families

The passwords rated terrible are not very different to some rated much higher, so it appears something must not be right, but I can't figure it out.


1Password Version: Version 7.6
Extension Version: (70600005)
OS Version: OS 10.15.6
Sync Type: ?
Referrer: forum-search:why are some login passwords not rated

Comments

  • Can't figure out how to edit my issue, but wanted to add that one of the login passwords rated "terrible" was generated by 1Password; and it is long and difficult. All of these logins seem to work fine otherwise; they open sites and auto fill in the appropriate blanks.

  • BenBen AWS Team

    Team Member

    Hi @Allofus,

    Are any of these passwords saved on multiple records (e.g. do they have a red Watchtower banner at the top of them warning about password reuse)? Reused passwords are rated as 'terrible' regardless of any other characteristics of the password.

    Please let me know. Thanks!

    Ben

  • No, whenever I see that, I make sure to find and delete any duplicates. It is always that the login somehow was saved twice, as I never reuse passwords for different sites.

  • I also have this problem. I have many long/complicated passwords (nonsensical jumbles of at least 16 characters in caps/lowercase letters, numbers, symbols) that are listed as "terrible" after adding them to 1Password. None of them are reused on multiple sites or marked as duplicates by Watchtower. In some cases, they were generated by another password tool, but others are those generated by 1Password. There may be a few mixed in that actually are bad, but now I feel I can't rely on the tool to show an accurate rating. Further, despite being marked as "terrible" none of these passwords are showing up in Watchtower as weak passwords. This begs the question: What is the hierarchy of the password ratings? Is terrible better than weak? What does it take to get Watchtower to flag these?

  • slimslim Junior Member

    Same for me with "terrible" passwords, even when they're long and a mixture of letters, numbers, and symbols, sometimes 1Password generated. I'm not getting warnings that any of these are duplicate passwords or Watchtower problematic. In one case today, a 1Password generated password was listed twice having been so recorded as part of the same account setup process at a particular site. One instance was designated as "fantastic," the other "terrible." According to Ben, that makes sense, even though it wasn't labeled as a duplicate. But, even after I deleted the one labeled as "fantastic," the other remains "terrible."

    Looking through my logins, I see that it's been 1 week short of a full year since any of my passwords are classified as "fantastic" other than the one I just deleted. Some aren't enough characters to merit that, perhaps. But others are. Lots of the stronger ones are "terrible."

    This is either a bug or something related to how 1Password is categorizing things. We can't all have the same problem in senseless ways without it not being a problem.

  • BenBen AWS Team

    Team Member

    Hi folks,

    Thanks for the additional information here. I've shared this feedback with the development team. Hopefully in an update we'll be able to make the ratings more reliable. Certainly in the case of a duplicate password both instances should be marked as 'terrible', not just one. Additionally we have had other reports of ratings that don't seem to make sense, and are looking into how that comes about.

    Ben

  • slimslim Junior Member

    Thanks, Ben.

  • BenBen AWS Team

    Team Member

    You're very welcome @slim. I wish I had a more immediate solution to offer here. Hopefully development will be able to better track down where things have gone a bit wonky.

    Ben

  • patrickjpatrickj Junior Member

    I have this problem as well. I have passwords with 20 totally random characters including many symbols rated "terrible".

    My passwords are generated with 1Password on my Mac using the Safari extension for 1Password & application most usually. I just created one now and it is supposedly "terrible" but it is in fact very good.

  • ag_anaag_ana

    Team Member

    Thank you for letting us know @patrickj! It sounds indeed like you encountered the same bug :+1:

  • patrickjpatrickj Junior Member

    Well I have to say my password with 20 random characters is terrible poetry…

    Maybe 1Password is simply using different criteria from that which was originally intended?

  • ag_anaag_ana

    Team Member

    @patrickj:

    Maybe 1Password is simply using different criteria from that which was originally intended?

    I am sure our developers will figure out what is causing this strange behavior after all :) In the meantime, thank you for your patience!

  • I can confirm this issue. In my case a password rating changed from "fantastic" to "terrible" after editing some other items of the same login. I was able to change the password rating back to "fantastic" by adding two symbols to the password (which had no symbols before). When I removed those two symbols (i.e. restored the original password), the rating stayed "fantastic"

  • ag_anaag_ana

    Team Member

    Thank you for sharing your experience as well @sylath :+1:

  • I would agree with the original post. I am getting this even on the passwords you all have generated. The circle with terrible next to it only appears in the Mac app. None of these passwords show up as weak in the Watchtower and none of them have the same designation when logging on via the website. It is strange and disconcerting. There is just an empty circle next to the "terrible" so I wasn't even sure it was a rating. I would also say the "terrible" sounds a little harsh and you may want to stick with "weak"

  • ag_anaag_ana

    Team Member

    @PorterIV:

    Thank you for your feedback!

    I would also say the "terrible" sounds a little harsh and you may want to stick with "weak"

    The fact is, it's not a naming problem, but rather a visual bug. The passwords are probably strong, it's just a visual bug that does not update the strength meter properly in certain cases. It has nothing to do with the actual strength of the password itself, so changing the name of the rating would not solve anything :)

  • Hi, I am also seeing this issue in the OS X app v7.6. When adding existing passwords to 1password in the OS X app they show up as "terrible" and the wheel (that shows the relative strength) is all grey, no green. If I look at these same passwords online in 1password the green meeter is about 75% full (good). These are strong and unique passwords. Is it possible to file a bug report for the OS X app to get this fixed? Thanks - Derek

  • BenBen AWS Team

    Team Member

    Hey @dbeauregard

    We do have a bug filed for this; sorry for the trouble. Hopefully we'll be able to get it fixed up soon.

    Ben

  • I used 1Password to generate a password for a site but the site had requirements that the generated password didn't meet so I modified it very slightly and now it is marked as terrible.

  • BenBen AWS Team

    Team Member

    Hi @PatriciaW1943

    That isn't entirely unexpected. User generated passwords (which a modified generated password would be) use an entirely different calculation for the password strength rating. The reason for that is that we have no way of knowing the entropy (randomness) for such a password, whereas for unmodified generated passwords we do.

    Ben

  • It is a very good password ... very far from terrible. Most of my passwords are user generated and most of them are marked as good but nowhere as good as this terrible one.

  • There is a workaround that takes a few clicks but solves the aesthetic problem of a strong password labeled terrible: edit password - add any character to the end of the password - save - edit password - delete the character - save.

  • ag_anaag_ana

    Team Member

    Thank you for letting us know @patriciasullivan. This specific password might be ok, Ben comment was explaining the difference in general when it comes to manual password creation ;)

  • ag_anaag_ana

    Team Member

    Thank you for sharing @grbtv1!

  • slimslim Junior Member
    edited August 24

    I'm finding that the mistaken "terrible" rating occurs on my Mac, but does not necessarily occur in my account via a browser window. I just created a password that the Mac app says is "terrible," but the web page for that entry has the quality slider in the horizontal center, which seems appropriate. I don't normally edit there, but on Firefox, that's where the 1Password extension sends me to make edits.

    I can also verify that if I change it from within the app, the terrible rating is rejudged more appropriately.

  • BenBen AWS Team

    Team Member
    edited August 24

    Thanks @slim. I'm currently working with our development team to try and narrow down how / when / why this happens.

    One question that was asked is: is this happening with any newly generated passwords? Or is it only with passwords that were generated a while ago?

    It sounds like we have changes to how some of this works slated for v7.7. These changes will not affect any passwords already marked as terrible, but if any newly generated passwords seem inappropriately marked after that version is released and installed please do let us know.

    Ben

  • I've also encountered this issue and it seems to be related to the 1Password Safari Extension in my case.

    I generated a strong password (32 characters, including numbers and symbols) via the extension (Safari v14.0, 1Password extension v7.6), 1Password records the strength as terrible. If I use the native 1Password app to set exactly the same password it's rated as fantastic.

    I typically let the browser extension capture the details when creating a new account so all the new ones I've created lately show as terrible. Regenerating a new password in the native 1Password app and then pasting this value into the web application fixes the problem but that's a bit of a bummer to have to do each time.

  • BenBen AWS Team

    Team Member

    Thank you for the report @just1more. If the problem persists after v7.7 please let us know. We have some improvements planned for that version that may help here.

    Ben

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file