Hi, I have just seen a tutorial on 1 password and have a question before purchasing.
Hi
The tutorial shows the opening screen of a new purchase, where it asks for you to set up a password of your choice, which it says can be quite simple, to access the main program screen. Then the tutorial shows the different features.
Then it shows how you can actually see a password you have set up (not just the dots), by clicking on a reveal button.
My question is, surely anyone who can crack this simple access password to open the program can then get all my passwords just by clicking the reveal button!
Is this correct? As that would negate the whole point of having 25 character passwords if someone can just click a reveal button and see and
read them on the screen.
Regards
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:H
Comments
-
My question is, surely anyone who can crack this simple access password to open the program can then get all my passwords just by clicking the reveal button!
@howcar: Just someone could easily gain access to your home because you left the door unlocked (though closed), using a weak Master Password would make it much easier for someone to access your 1Password vault and its contents.
Don't.
Be sure to use a long, strong, unique Master Password so that no one can guess it.Is this correct? As that would negate the whole point of having 25 character passwords if someone can just click a reveal button and see and read them on the screen.
Now I'm confused. Are you using a weak password that someone can guess, or a good long one? Without your Master Password, the vault cannot be unlocked; and without the vault unlocked, the passwords stored within cannot be accessed or revealed. Does that help clarify things? Let me know if you have any other questions! :)
0 -
Hi @howcar,
To expand on brenty's post:
My question is, surely anyone who can crack this simple access password to open the program can then get all my passwords just by clicking the reveal button!
No, they cannot crack your 1Password master password easily. We do not store your master password anywhere nor do we use it. When you create a new vault and enter your master password for it, 1Password generates a very strong + large encryption key on the fly and then encrypt that key with a key that's built after scrambling your master password tens of thousands of times with an algorithm.
In other words, to try a password, a cracker has to process it the same way, it has to scramble it tens of thousands of time before trying it. That takes a lot of time to do per password guess. A good passpharse can take several centuries to crack.
It is not like in the movies, where if you guess the first character, the program returns it as valid, it doesn't work like that. You must enter the entire combination correctly. So, if you have a password like this:
fleabane indecent kindle america
, enteringf23klj324lkj234
does not tell the cracker that they have first character correct, it'll just return invalid.In addition to this difficult issue, they also must breach your system or the cloud servers if you're syncing to grab your data before they can start cracking it.
Is this correct? As that would negate the whole point of having 25 character passwords if someone can just click a reveal button and see and read them on the screen.
The concealment does not provide any security benefits. All web sites must take your password in its clear text format, it cannot take in asterisks. 1Password provides this as an illusion trick to prevent shoulder surfing, for anyone going behind your back and seeing what you see on the screen.
As for crackers, again, they must have a copy of your data file on their system and then they have to wait several lifespans to figure out the right combination. But if they do figure out the password, then yes, they can then gain access to everything you have.
0 -
Brenty and Mike
Thanks very much for the speedy and detailed replies.
I now feel confident enough to go ahead and purchase.
Thanks again
Howcar
0