"Weak Passwords" behavior is confusing when password is removed

cec
cec
Community Member

Hi, I discovered a minor UX issue regarding the Weak Passwords section of the Security Audit. I have a number of Secure Notes which I use for storing 4 digit PIN numbers such as combination locks and door access codes, which I entered using the Password field type. These "passwords" are then classified as weak, and I didn't want them cluttering up my security audit, so I changed the field type from Password to Text. However, the items still remained in the Weak Passwords list.

Steps to reproduce:
1. Create a new Login item with password "1234".
2. Check that new item appears in Weak Passwords list.
3. Change field type of "1234" from Password to Text.
4. Check that new item still appears in Weak Passwords list, despite no longer having a password field.

I did find a workaround:
1. Add a dummy password field and autofill with a strong password.
2. Check that the item no longer appears in Weak Passwords list.
3. Delete this dummy password field.
4. Check that the item remains removed from the Weak Passwords list, despite no longer having a password field.

This seems to imply that whatever value is used to determine the Weak Passwords classification is not updated when a password is removed.

Cheers,
Chris


1Password Version: 6.7
Extension Version: Not Provided
OS Version: macOS 10.12.4
Sync Type: Not Provided

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @cec: Thank you for those details! We're investigating some issues related to the password strength meter, and I'll share this with the development team. This is something I've been investigating recently as well. Your last statement there sums it up nicely. Much appreciated! :)

    ref: OPM-4897

This discussion has been closed.