1Password on Mastodon

Password strength ratings

aldrozdaldrozd
Community Member
edited January 23 in Windows

Hi,
Look at the 2 attachments. I used a password which was rated as "excellent". I used the same password elsewhere and it was only rated "fair". How can this be? How does 1Password check the password strength?

Now I am concerned that other passwords it has rated as excellent, or very good, or good, are actually not.

Any ideas?

Thank you.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided

Comments

  • Dave_1PDave_1P

    Team Member

    Hello @aldrozd! πŸ‘‹

    1Password will rate passwords that it generates as stronger than passwords that you create yourself since it knows exactly how that password was "made" and can guarantee that it's truly random. If you copy a password from one item into a different item 1Password no longer knows that the password used in that second item was generated by 1Password since it came from your device's clipboard.

    I don't recommend reusing the same password for two different websites/accounts. Each website/account should use a unique password generated by 1Password: Use the password generator to change and strengthen your passwords

    I hope that helps. πŸ™‚

    -Dave

  • aldrozdaldrozd
    Community Member

    Hi Dave,

    It does help but let me explain more.

    I am debating leaving LastPass so I imported over almost 600 items. Using Watchtower, I am concentrating on the passwords used going from worst to best and changing them. No easy feat. 1Password rates them in 7 categories on import so somehow it is analyzing these. Here is where I noticed that passwords that were similar, but not the same, were given much different ratings. So I experimented with one that was given an "excellent" rating, I retyped it in a "new" login to see what would happen. Now it gave it a "fair" rating.

    Do you think this is a serious flaw? Can I trust the Watchtower system and how it is categorizing them? My plan was to change just the Terrible, Weak, and Fair passwords for now because of time constraints. Can I have any faith that the ones rated Fantastic, Excellent, Very Good and Good are decent?

    I guess I just don't understand how the algorithm can look at the same exact same password at two different times and rate it differently. Doesn't make any sense to me. And it isn't just a "one time" event.

    Thank you,

    Alex

  • Dave_1PDave_1P

    Team Member

    @aldrozd

    Thank you for the reply. Was the Excellent password generated by 1Password or was it imported from LastPass? And when you typed that Excellent password into a new item did you change anything or was it exactly the same as the password in the original item?

    I look forward to hearing from you. πŸ™‚

    -Dave

  • aldrozdaldrozd
    Community Member

    Hi Dave,

    The Excellent was imported. I typed it in exactly the same.

    But here is what I just did to prove a point. I just created a new login and typed in "FowardsBlacken9!" and it was given a "Good" rating. Than I created another login and typed in the same exact password and now it is given a "Fair" rating.

    Doesn't make sense. Try it yourself.

    Also, why doesn't this conversation show up in the Forums anywhere?

    Thanks,

    Alex

  • aldrozdaldrozd
    Community Member

    Hi Dave,
    Have you found out anything yet?
    Thanks,
    Alex

  • TurtleCurse7TurtleCurse7
    Community Member

    I tried Alex's experiment and see the same thing he is. Using 1Password for Mac 8.9.13 (80913040).

  • Dave_1PDave_1P

    Team Member

    @aldrozd and @TurtleCurse7

    I created two Login Item using the 1Password 8 for Mac app and typed FowardsBlacken9! into the password field for both items:

    image
    image

    Both are labeled as Good.

    Can you confirm the following:

    1. That you're creating Login Items rather than Password Items.
    2. That you're creating the new items using the 1Password 8 for Mac app.
    3. That you're viewing the password strength in the 1Password 8 for Mac app and not another location such as 1Password.com
    4. That you're typing the password into both items and you're not using copy and paste anywhere.

    I look forward to hearing from you. πŸ™‚

    -Dave

  • aldrozdaldrozd
    Community Member

    Hi Dave,

    1. I am creating Login Items
    2. I am using 1Password for Windows 8.9.13
    3. I am viewing it in 1Password for Windows, the same place I created it.
    4. I am typing in the password and not using copy and paste.

    See attachments.

    Thank you,
    Alex

  • TurtleCurse7TurtleCurse7
    Community Member

    Well this is awkward...

    I tried to recreate, but could not. After more careful inspection of the two login entries, the password rating of "good" shows up for FowardsBlacken9! and a rating of "fair" shows up for ForwardsBlacken9!. The "fair" password includes the letter r which probably gets a lower score because of a dictionary lookup.

    So this was definitely an issue of "problem exists between chair and keyboard" on my part. Sorry about that!

    I'm also seeing the letter r in the latest screen grabs from @aldrozd.

  • 1P_Gem1P_Gem

    Team Member

    Hi @TurtleCurse7! Thanks for testing this out and letting us know your findings πŸ˜„ it definitely seems as if the additional r in one of the passwords is making all of the difference here. @aldrozd, do the password ratings match if you remove the first r from the password in Login111a?

  • aldrozdaldrozd
    Community Member

    That was my error leaving out the "r" when I retyped it. I will have to do some more experimenting.
    Thanks!

  • 1P_Gem1P_Gem

    Team Member

    Hi @aldrozd, I'm glad to hear that particular mystery has been solved! If you run into any further questions during your experimenting, don't hesitate to reach back out πŸ˜„

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file