Inconsistent password strength for same password

Options
tacomanator
tacomanator
Community Member
in Mac

FYI

Did a manual password reset for a service (which has a non-web based reset process) by creating a new Password item. With the password reset, I logged into the service's website copy/pasting the newly generated password. The 1Password extension noticed the change and prompted to update the Login item, which I did. Now the same password is in both items but the strength indicator differs: the Password item shows full strength but the Login item shows 3/4 strength (perhaps same as my old password?).

I tested a little further.

I clicked Edit for the Login item, copied the password, and pasted it right back into the same field. The strength indicator dropped to what I assume is 0 (red dot). Next I tried copy/pasting the password from the Password item into the Login item and the indicator jumped to full. These were all the same password, except perhaps if a different character encoding is used, which I did not attempt to check.

1Password Version: 1Password 6 Version 6.8 (680015) AgileBits Store
Extension Version: 4.6.8.90
OS Version: macOS Sierra 10.12.6 (16G29)
Sync Type: 1Password family

Comments

  • Ben
    Ben
    edited August 2017
    Options

    Hi @tacomanator

    1Password takes entropy into account when calculating password strength. A password typed directly into a password field in 1Password is assumed to have no entropy. As such it is entirely possible for two identical passwords to read different password strengths.

    Ben

  • tacomanator
    tacomanator
    Community Member
    edited August 2017
    Options

    I didn't type the password into the field in 1Password. I copied it from the Password Item, pasted it into the login form on the website, and submitted the form. The 1password extension noticed the new password and prompted to update the existing Login Item for that site. I then went to look at the updated login item and the strength was not the same the Password Item which had the same password.

  • rudy
    rudy
    edited August 2017
    Options

    @tacomanator,

    What you describe there is equivalent to a manually typed password. You pasted the password into a website and then the extension saved it. The only way that it would have saved it with the entropy based calculated strength would have been if you had used the Password Generator to Fill the field on the page.

    Rudy

    ref: OPM-5256

This discussion has been closed.