Incorrect password strength indicators

andrewlumley
andrewlumley
Community Member
edited April 2023 in 1Password 3 – 7 for Mac

I recently discovered a bug with the new password strength indicator. I created a new "password" entry by clicking on the "+" button next to the 1Password search field. Next, without entering a password into the default password field, I populated a custom password field with a strong password. When I saved the entry, both the empty password and strong password showed "terrible" password strength indicators. When I enter a strong password in the original password field and save the entry, both password strength indicators indicate strong.

After some more testing it appears that regardless of the strength of the custom password, it will just copy the same password strength as the default field.


1Password Version: 7 BETA 8
Extension Version: Not Provided
OS Version: OS X 10.11.5
Sync Type: 1Password Account

Comments

  • Ben
    Ben
    edited April 2018

    Interesting! Good catch. I’ll let development know about this issue. Thanks for the report.

    Ben

    ref: apple-725

  • Raziel
    Raziel
    Community Member

    I have multiple passwords stored under the same item. The problem is all the passwords under the same item shows the same password strength as the main password (just under the username and enclosed in the white box), whereas added passwords for new sections while showing a password strength meter, it does not reflect the true password strength of the particular password.


    1Password Version: 7.0 beta 9
    Extension Version: Not Provided
    OS Version: OS X 10.13.4
    Sync Type: Not Provided

  • francesdath
    francesdath
    Community Member

    I noticed this too. It seems to show on passwords made of words with spaces, where the individual words are maximum six characters long, all lowercase and no other character types, though not always limited to these.

    I made a Smart Folder with 'Password Strength: Terrible' and it doesn't pick up these anomalies – in fact is showing PINs, which I would have thought would be excluded as they do not show Password Strength. Also, if I edit and save the password, it changes from Terrible to what I'd expect, based on similar passwords. But not always. I've found this so far on around 1% of all passwords.

  • stillmoms
    stillmoms
    Community Member

    I also observed this behavior in the 1Password 7 BETA a couple releases ago, is it still occurring in BETA 9?

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited April 2018

    @Raziel, @stillmoms: I'm not seeing that here, but I may just not have enough information. If you're still seeing this behaviour, do you have an item without sensitive information that could be shared? Thanks!

    ref: apple-725

  • AGAlumB
    AGAlumB
    1Password Alumni

    Thanks for the additional info! Definitely some kinks to iron out. Appreciate you participating in the beta! :)

  • stillmoms
    stillmoms
    Community Member

    I just reproduced this in 1Password 7.0.BETA-9. Create a Login item with a username and very weak password like “password” and save it—the little password strength indicator next it will rightly identify it as “Terrible” with a barely filled in red mark in the circle. Then create a second password field farther down in the item using the random character password generator and make it very long, so the strength indicator in the creation window fills in green. Save it. You’ll see that the second password you’ve made shows as “Terrible”, just like the first, main password in the item. If you reverse the two, you’ll see the opposite behavior; the “password” password gets the Fantastic status even though it is, objectively, terrible.

  • Raziel
    Raziel
    Community Member

  • AGAlumB
    AGAlumB
    1Password Alumni

    @Raziel, @stillmoms: Thank you! While I'm not seeing this myself, we've got at least one team member who's (seemingly) able to reproduce it on demand, so we should be able to track it down. :)

This discussion has been closed.