Feature Request: Display password strength meter on all fields used as password

davesblend
davesblend
Community Member

I think it would be helpful to display password strength meters for any field used as a password. For example, Email, Database, and Wireless Routers category entries do not show password strength meters adjacent to respective password fields (when viewing an existing entry).


1Password Version: 6.3.3
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @davesblend: Thanks for the suggestion! I think I'd also add custom "password" fields to this as well, and it's certainly something we can consider adding in a future version. Just keep in mind that unless you're using 1Password to generate a random password, the "strength" rating cannot be reliable (since the entropy is unknown). Cheers! :)

  • davesblend
    davesblend
    Community Member

    Thanks for the follow up. I think some form of indicator is better, than not, when attempting good password hygeine. However, I did not realize (and had not considered) the strength meter was potentially less accurate because of entropy quantification. After signing up for 1Password, I have been incrementally regenerating critical passwords. But sometimes, especially with the word generator, I will sprinkle in/override characters with capitalization and numbers/symbols. Maybe getting into the weeds here, but is entropy level that critical to the word generator passwords? Just thinking out loud that the combinations plus length and prediction of word library itself would be prohibitive. I assume "random" indexing into some word dicitionary is good enough knowing that entropy pool is probably not that huge in practice. That is why I often override the word generator output with additional characters, just as a precaution (in my mind at least).

  • AGAlumB
    AGAlumB
    1Password Alumni

    @davesblend: Indeed. We try to make a reasonable guess when it comes to "mystery passwords", but the only way we can really make an educated guess (which is more useful) is if 1Password generates them itself...and therefore knows how it was created.

    You raise some excellent points! The important thing to keep in mind with word-based passwords is that entropy is counted not based on the number of possibilities per-character, but rather per-word. And while a word-based password will always have less entropy that a character-based password of equal length, they're still much better than something we — as imperfect, non-random humans — come up with ourselves.

    But bringing these two issues together, I also want to point out that because of the problem of guessing password strength, adding characters manually to a generated password (in this example, word-based) means that 1Password can be wrong about its strength. If you choose these "additional characters" randomly, that is a benefit; but I felt it was important that I point out that this means 1Password doesn't know the external origin (and therefore efficacy) of the password as whole.

    I also thought, given your comments, you might be interested in some more information about the 1Password Wordlist. Let me know if you have any other questions, comment, or suggestions! :)

This discussion has been closed.