Bug with password strength indicator on Mac

Options
scotty321
scotty321
Community Member
edited September 2018 in Mac

Very strange bug in 1Password 6.8.8 (Mac App Store) running on macOS 10.13.6.

  1. 1Password for iOS generated a very secure login password for me for a website -- it's something like 30 characters, with numbers, symbols, letters, everything. Extremely secure.
  2. Synced via Dropbox to 1Password on the Mac.
  3. On 1Password for Mac, I copied that secure password from its original login and then pasted it into a 2nd login.
  4. I deleted the original login and kept the 2nd login.
  5. BUG: The "password strength" indicator in 1Password for Mac shows that it is the weakest password of all. See screenshot below. This is obviously not true, as it is an incredibly strong password.

WORKAROUND: The way to workaround this bug is to manually edit the password in 1Password for Mac, then manually delete the last character of the password, then manually retype the last character of the password, then manually save the password again. That fixes the password strength indicator.

Obviously, I wouldn't have even caught this bug unless I was looking at it in 1Password for Mac, so who knows how many other passwords 1Password for Mac thinks are weak but really aren't.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Lars
    Lars
    1Password Alumni
    Options

    @scotty321 - thanks for reporting this, and apologies for the inconvenience. Our developers are aware of it, and fine-tuning the password strength calculation is something we're working on for an upcoming release. Currently (as you've noticed, via your workaround) copy/pasting a password assigns it a strength of "terrible" because we don't know how the password was generated. It may LOOK strong but be considerably weaker than it looks. Pa$$wOrd123 looks pretty strong -- it's a little short, perhaps, but besides that, it has two symbols, three numerals, and mixed-case letters. Clearly, it's one of the weakest passwords imaginable, however, for obvious reasons. I'm glad you were able to discover that workaround, until such time as we're able to deploy a revised password generator and strength indicator. Thanks again for reporting! :)

    ref: apple-973

  • Lars
    Lars
    1Password Alumni
    Options

    @scotty321 - that's not quite how it works, but we are indeed looking to make the password strength evaluator more consistent in upcoming releases, across all platforms.

This discussion has been closed.