Password and login disagree about strength.
I opened an account at a site yesterday, and had 1Password generate the password. When I searched it in 1Password today, I found two items:
- under the name of the company, a Password - 11 characters, upper and lower case, 1 numeral, 1 symbol, marked Excellent. It is Shared (with my wife), as I wanted.
- under the name of the Web site, a Login dated 23 seconds after the Password item, with my username (my email address) and the same password, marked Terrible. The Login item shows the same website, followed by a section of Saved on Web site data, including that same password, this time marked Fair. It is marked Private.
This befuddles me. Is the password Excellent, Fair, or Terrible? What do these differences mean?
1Password Version: 1Password 7 Version 7.6 (70600005) 1Password Store
Extension Version: 4.7.5.90
OS Version: 10.14.6 (18G6020)
Sync Type: 1Password WLAN server
Referrer: forum-search:Password and login disagree
Comments
-
Hi @denke
Passwords that are used on more than one record are intentionally marked as 'terrible' regardless of the characteristics of the password itself. Password reuse is one of the most common ways that people get into trouble, and with 1Password you're able to generate strong unique passwords for each service. :+1:
That said, it seems there is a bug in that both copies of the password should be marked as terrible, rather than just one. I'll follow up with our development team to see if we can track that down. Thanks!
Ben
0 -
I'm still befuddled. I'm not sure about the meanings of some terms here: record, service, item.
I discovered this conflict because I started typing the name of the company (e.g., "Company") into the Search field with All Items selected. This found both the item "Company" (categorized as a Login) and the item "www.company.com" (categorized as a Password.)
It looks to me as if, while registering for an account, I:
1. entered a username, then
2. requested a password from 1Password, then
3. entered the supplied password to finish the registration, then
4. logged in. (This may or may not have been a fourth action on my part: I don't remember.)Somehow this confused 1Password, which did not recognize that this was the password for the login. (Did it seem them as two different "services"?)
Thanks,
Roy0 -
Hey Roy,
I'm sorry for introducing any unnecessary confusion here. I'd be happy to clarify. When I said 'record' I was using that term interchangably with an 'item' in 1Password. In this example, both your Login and your Password would be items/records. When I said 'service' I was referring to the company/website that you have credentails for. Here, 'Company' / 'www.company.com' would be the service.
It is likely the reason you're seeing a 'terrible' rating is becuse you have two items saved in 1Password (the Login and the Password) that both have the same password saved on them, making 1Password think this password is reused. If you delete the Password item, do you still see the password on the Login item rated as terrible?
Ben
0