How can I check the security of my master password?
Comments
-
There's a good AgileBits blog post here:
Toward Better Master Passwords
I suspect that reading that may give you a few ideas about the security of your master password.
Stephen
0 -
Thanks much, Stephen. I'll look into it.
0 -
OK, now I've read "Toward Better Master Passwords". I get it. However, is there a way I can check my current master password against the password generator to see how secure it is in comparison to the pw generator?
0 -
Well, I suppose you could create a new random, test login with 1P and for the password input your master password and see how much of a green strength line you get. :) I'm not quite sure how much of a "test" that would be—because master passwords are not quite the same as login passwords, of course. (Your master password is the key to the life you have locked away in 1P.)
I suggest deleting the test login afterwards to avoid any confusion.
Stephen
0 -
There are a number of password strength checkers available on the web. Google will happily show them to you. But it's hard to recommend them, because you are entering your most important password (your master password) into a web form, and I don't know how you could be assured that transmitting that information would be safe. One of the top hits in my Google search takes you to a page that specifically warns that the site could be stealing your password, but then says it's not doing so. It cautions you to be careful where you enter your password. Good advice, that.
I think I'd be most content with something like what @Stephen_C recommends.
0 -
Thanks, guys. Without getting too personal, I take it you are using some variant of Arnold Reinhold's system?
0 -
Hi @jazzman,
I take it you mean for Master Password generation? I'm sure you'll find a few approaches. I use a phrase and include made-up words to make it harder. Passwords based on concepts such as long passphrases or Diceware have the added benefit of being easier to type on an iOS keyboard, where even moderate usage of numbers or symbols will probably lead to a vocal outburst ideally not witnessed by young people, as well as the potential for being easier to remember. That's just my thoughts on the matter of course, but given I only have to remember 1-2 real passwords (i.e. one to gain access to my computer, another for 1Password), they can be long and not real words yet still be strong due to the length and number of words involved.
0 -
Diceware for me. It is secure, if you use enough words, even though the list of words is published. Fun too. When was the last time you sat at a table and rolled dice for a useful purpose?
0 -
Disclaimer: hawkmoth is not suggesting for one moment that Dungeons and Dragons isn't a reasonable pursuit.
Sorry @hawkmoth, I couldn't resist :pirate:
Last time I saw dice was at a friend's birthday party and they were used as part of a drinking game. It was very messy. I think I preferred the previous usage which would have been Yahtzee.
0 -
You said you use "made up words". Did you make up your own words to go along with your phrase, or did you use Diceware? What would be wrong with using the words from a phrase that you made up that have no relevance to your own life?
0 -
Part of the message in the page about making better passwords is that humans are very poor at picking random words. For example, people will nearly always pick only nouns. Diceware is just a method for making sure that the words you pick for a passphrase really are randomly chosen.
If you have another way to truly pick at random, go for it.
0 -
Hey @jazzman,
Randomness is important. Password crackers will guess phrases that make sense (i.e., the type of phrase a human brain is more likely to come up with) before phrases that don't. An excerpt from the Diceware section of Toward Better Master Passwords addresses this pretty well:
For those who really want to use this system and get the most security out of it, you should combine Diceware with your own private system. Create a short random password, including digits and symbols and use that in place of one of the dicewords in your final password. So going back to my dogs, Molly and Patty, I might create a weak password like 2dM&P, and suppose my rolls of the dice gets me cleft cam synod lacy, I could then create a master password like cleft 2dM&P cam synod lacy, which would be a very good master password. With repetition, it is something that you can learn to type quickly.
0 -
Thanks, guys. Randomness and Diceware for me!!!
0 -
Sure, @jazzman, if you're using our built-in Strong Password Generator, that works, but there are a few other ways you can save a new item as well:
So you have options. It's just a matter of preference, so feel free to do what works best for you.
0
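Added example (not part of the thread and not AgileBits code): a local, offline sketch of the Diceware selection discussed above, with the OS CSPRNG standing in for physical dice, plus the entropy arithmetic that holds even when the word list is published. It assumes the standard five-dice, 7776-word Diceware list; the function names and the guess rate are illustrative assumptions.

```python
import math
import secrets

DICE_PER_WORD = 5                    # assumed standard Diceware: five rolls pick one word
LIST_SIZE = 6 ** DICE_PER_WORD       # 7776 entries in such a list

def roll_key():
    """Simulate five fair dice with the OS CSPRNG; returns a key such as '41536'."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(DICE_PER_WORD))

def key_to_index(key):
    """Map a five-digit dice key to its 0-based row in a list sorted by key."""
    if len(key) != DICE_PER_WORD or any(c not in "123456" for c in key):
        raise ValueError("key must be five digits, each between 1 and 6")
    index = 0
    for c in key:
        index = index * 6 + (int(c) - 1)   # base-6 positional value
    return index

def passphrase_bits(n_words):
    """Entropy in bits when each word is chosen uniformly at random and the
    attacker already knows both the list and the method."""
    return n_words * math.log2(LIST_SIZE)

def words_needed(target_bits):
    """Smallest number of words whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(LIST_SIZE))

def average_crack_years(bits, guesses_per_second):
    """Expected search time: half the keyspace at the given guess rate."""
    return (2 ** bits / 2) / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    keys = [roll_key() for _ in range(5)]
    print("look these keys up in your own copy of the list:", " ".join(keys))
    for n in (3, 4, 5, 6):
        bits = passphrase_bits(n)
        # 1e6 guesses/s is an assumed rate, not a measured one
        years = average_crack_years(bits, 1e6)
        print(f"{n} words: {bits:5.1f} bits, about {years:.3g} years on average")
```

Nothing here takes the master password as input, so the estimate can be run without entering it into a web form.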