Stronger passwords

Thadili
Thadili
Community Member

Hello,
I think it already startet some time ago, when you changed the password generator. I just want to know if it is on purpose that a password without symbols and/or numbers is marked stronger than a password with. I didn't test all length and combos but at least the strongest 13 digit pw is letters only.

Ps: wasn't sure wich Forum was the best category.


1Password Version: 6.8
Extension Version: Not Provided
OS Version: iOS 10.3.3
Sync Type: Dropbox

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @Thadili: No problem. Since it sounds like you're using 1Password for iOS, this is fine. Can you give me a step by step of what you're doing? 1Password is pretty good about determining password strength with passwords it generates itself, but it's possible we have a bug there. However, keep in mind that if you're making these passwords up yourself (or manually modifying one 1Password generated), it will be deemed weaker since it wasn't created completely at random. Let me know!

  • Thadili
    Thadili
    Community Member

    @brenty
    I just use the password generator. If I set it to length 13 it will generate a password with letters only, wich is nearly at max in the green bar under it. And the bar will decrease when i add digits or symbols or check avoid ambiguous characters.
    I thought it would be stronger with more variety but it seems weaker.
    Just testet it on mac and there is the same problem.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @Thadili: Aha. Thank you for clarifying! That was perfect! I understand what's going on here, and it's a limitation of the current password generator implementation. Since you have to specify a certain number of symbols and/or digits, there's often going to be less entropy — especially with a shorter password — when you enable one of those. You'll get better results with a much longer one, but ultimately it would be better to have simple checkboxes for symbols and digits. That way, with both enabled, any character in the password could potentially be any of 96 different characters. Limiting it to a certain number of each is the problem here, and it's one of the things we'll be addressing as we improve the password generator in a future version. Thanks for the feedback on this! :)

This discussion has been closed.