What is the Master password strength/requirement ruleset?

Hi, what is the master password strength requirement / ruleset used by 1passord when one is setting up a user account and the master password?
We have a business account and right now we are undergoing a IT revision and the auditors are asking me for documentation that proves that the master password strength is as strong or stronger than my companies active directory password strength policy.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:master password strength requirement

Comments

  • Hi @kristianlingsom,

    Master Passwords must be at least 10 characters — but remember this is not the only item needed to access a 1Password account. You must also have the Secret Key which is an additional 34 characters and is randomly generated (except for the first 8 characters which identify the account and version of the Secret Key).

    I hope that helps!

    Ben

  • kristianlingsom
    kristianlingsom
    Community Member

    Hi, yes that helps a bit. I know that one needs the secret key, and I've tried to explain what that means for the auditor, though I’m not sure that he actually understood what that implies. I've played around with setting a new master password and as you say it must be at least 10 characters, but there are also other rules in play. If you enter 10 characters one of them needs to be a special character. but if your password is longer then 10, don’t know how long, it doesn’t need any special characters. I didn’t spend enough time so figure out if there is any lower-upper case or numeric character requirements.
    For now I’ll just tell the auditor that the master password must be minimum 10 characters long and contain at least 1 special character, with of course further explanation of the secret key and what level of extended security that brings in protecting once personal account.

  • john_m
    john_m
    1Password Alumni

    Hi @kristianlingsom! If it helps with your auditor, we have a page that gives an overview of what the Secret Key is, and how it helps to increase the strength (entropy) of the encryption involved with 1Password: https://support.1password.com/secret-key-security/

    In terms of symbols or other requirements - the only requirement is a length of at least 10 characters. When you're changing your Master Password via the web interface, Paddy the Padlock will offer some tips to help choose a good Master Password (such as including a symbol, or adding a capital letter), but these are merely suggestions - you can set a ten character lowercase-only Master Password if you wish, although this would not be recommended! See our guide here for choosing a good Master Password: https://support.1password.com/strong-master-password/

  • kristianlingsom
    kristianlingsom
    Community Member

    okey, thanks guys. love your product by the way

  • john_m
    john_m
    1Password Alumni

    You're very welcome @kristianlingsom - and thank you for your kind words :chuffed:

    If there's anything else I can do for you, just let me know!

This discussion has been closed.