Is it possible to check the strength of your Master Password?

jazzman
jazzman
Community Member
edited July 2017 in Mac

I thought there was a way to check the strength of my Master Password when I originally set it up, but that was three years ago. If it exists, I've forgotten where it is.


1Password Version: 6.7
Extension Version: 4.6.6
OS Version: 10.12.5
Sync Type: iCloud

Comments

  • Hi @jazzman,

    I believe we got rid of the strength indicator when creating the Master Password. Calculating the strength of a human-generated password is a difficult thing to do correctly. If you're just looking for an idea of its strength, you could create a new Password item and type in the password. The strength indicator will give you an idea of its strength in that case.

    Rick

  • jazzman
    jazzman
    Community Member

    Hi @rickfillion,

    Thanks much. I understand.

  • You're welcome. Let us know if you have any more questions.

    Rick

  • jazzman
    jazzman
    Community Member

    Hi @rickfillion,

    It seems to me that, when I set up !Pass, it indicated my Master Password was very secure, and I think I read that I should really never have to change it. Unless my memory is faulty, I think it indicated it would take a zillion years(I can't remember the real number) to hack my Master Password. There was some kind of indicator like this a few years back, right? I'm just trying to nail down whether I remember this correctly or not. I don't want to change my Master Password unnecessarily.

  • beyer
    beyer
    1Password Alumni

    @jazzman: In the past, we have had a password strength meter as part of our first run experience on previous versions of 1Password.

    For example, this is how it looked in 1Password 5 (which was almost identical in 1Password 4):
    OPM5 Screenshot

    I don't believe 1Password has ever had a system that estimated the "time to crack" a Master Password during Vault creation. However, I encourage you to review our support guide on how to choose a good Master Password if you have concerns about your current Master Password strength. This guide also contains links to some of the past blog posts written by Jeffrey Goldberg, our Chief Defender Against the Dark Arts.

    --
    Andrew Beyer (Ann Arbor, MI)
    Lifeline @ AgileBits

  • jazzman
    jazzman
    Community Member

    Hi @beyer,

    I don't really have any concerns about the strength of my Master PW. Is there any real need to change it from time to time?

  • beyer
    beyer
    1Password Alumni
    edited July 2017

    @jazzman: I only recommend changing your Master Password if there is a valid reason:
    1. You suspect there's a possibility your Master Password has been disclosed/compromised.
    2. Something in your life has changed to make your Master Password more guessable. For example, if I used the word "Smokey" in my Master Password and then adopted a dog named "Smokey".
    3. You're currently are or ever have used your Master Password for anything other than 1Password.

    The list goes on, but I think you get the point. If you don't have concerns about the strength of your Master Password, then there's no reason to change it. Unlike a password used for authentication which generally has a higher chance of being compromised, your Master Password is only used to decrypt the actual encryption key for your 1Password Vault.

    I hope this helps. If you have any additional questions or concerns, please don't hesitate to ask.

    --
    Andrew Beyer (Ann Arbor, MI)
    Lifeline @ AgileBits

  • jazzman
    jazzman
    Community Member

    Hi @beyer,

    Appreciate all your help! That thoroughly answers my question about the Master PW.

    Let me ask you this. My vault is encrypted. So, even if it got hacked somehow, it would be unintelligible to the hacker, right? The hacker would have to have access to my Master PW to make any sense out of anything, right?

    Also, I have been struggling with the question of upgrading to a subscription rather than a stand alone license. For me it's just a matter of control. I have everything seriously backed up, so that's not an issue. I even had a hard drive crash last month and was quickly up and running again. First time that's ever happened to me, but it was not a problem. Any thoughts?

  • Hi @jazzman

    Correct; your Master Password is required to decrypt your 1Password data. That is only known by you - it is never transmitted.

    There are a lot of benefits to a 1Password membership beyond having an online (off-site) backup, though that is certainly an important one. You can read a bit more about those benefits here:

    What are the benefits of a 1Password membership?

    I hope that helps!

    Ben

This discussion has been closed.