Some of my logins show a "terrible" rating, but they're similar to those rated higher.

Allofus
Allofus
Community Member
edited August 2020 in Families

The passwords rated terrible are not very different to some rated much higher, so it appears something must not be right, but I can't figure it out.


1Password Version: Version 7.6
Extension Version: (70600005)
OS Version: OS 10.15.6
Sync Type: ?
Referrer: forum-search:why are some login passwords not rated

Comments

  • Allofus
    Allofus
    Community Member

    Can't figure out how to edit my issue, but wanted to add that one of the login passwords rated "terrible" was generated by 1Password; and it is long and difficult. All of these logins seem to work fine otherwise; they open sites and auto fill in the appropriate blanks.

  • Hi @Allofus,

    Are any of these passwords saved on multiple records (e.g. do they have a red Watchtower banner at the top of them warning about password reuse)? Reused passwords are rated as 'terrible' regardless of any other characteristics of the password.

    Please let me know. Thanks!

    Ben

  • Allofus
    Allofus
    Community Member

    No, whenever I see that, I make sure to find and delete any duplicates. It is always that the login somehow was saved twice, as I never reuse passwords for different sites.

  • sasbmore
    sasbmore
    Community Member

    I also have this problem. I have many long/complicated passwords (nonsensical jumbles of at least 16 characters in caps/lowercase letters, numbers, symbols) that are listed as "terrible" after adding them to 1Password. None of them are reused on multiple sites or marked as duplicates by Watchtower. In some cases, they were generated by another password tool, but others are those generated by 1Password. There may be a few mixed in that actually are bad, but now I feel I can't rely on the tool to show an accurate rating. Further, despite being marked as "terrible" none of these passwords are showing up in Watchtower as weak passwords. This begs the question: What is the hierarchy of the password ratings? Is terrible better than weak? What does it take to get Watchtower to flag these?

  • slim
    slim
    Community Member

    Same for me with "terrible" passwords, even when they're long and a mixture of letters, numbers, and symbols, sometimes 1Password generated. I'm not getting warnings that any of these are duplicate passwords or Watchtower problematic. In one case today, a 1Password generated password was listed twice having been so recorded as part of the same account setup process at a particular site. One instance was designated as "fantastic," the other "terrible." According to Ben, that makes sense, even though it wasn't labeled as a duplicate. But, even after I deleted the one labeled as "fantastic," the other remains "terrible."

    Looking through my logins, I see that it's been 1 week short of a full year since any of my passwords are classified as "fantastic" other than the one I just deleted. Some aren't enough characters to merit that, perhaps. But others are. Lots of the stronger ones are "terrible."

    This is either a bug or something related to how 1Password is categorizing things. We can't all have the same problem in senseless ways without it not being a problem.

  • Hi folks,

    Thanks for the additional information here. I've shared this feedback with the development team. Hopefully in an update we'll be able to make the ratings more reliable. Certainly in the case of a duplicate password both instances should be marked as 'terrible', not just one. Additionally we have had other reports of ratings that don't seem to make sense, and are looking into how that comes about.

    Ben

  • slim
    slim
    Community Member

    Thanks, Ben.

  • You're very welcome @slim. I wish I had a more immediate solution to offer here. Hopefully development will be able to better track down where things have gone a bit wonky.

    Ben

  • patrickj
    patrickj
    Community Member

    I have this problem as well. I have passwords with 20 totally random characters including many symbols rated "terrible".

    My passwords are generated with 1Password on my Mac using the Safari extension for 1Password & application most usually. I just created one now and it is supposedly "terrible" but it is in fact very good.

  • ag_ana
    ag_ana
    1Password Alumni

    Thank you for letting us know @patrickj! It sounds indeed like you encountered the same bug :+1:

  • patrickj
    patrickj
    Community Member

    Well I have to say my password with 20 random characters is terrible poetry…

    Maybe 1Password is simply using different criteria from that which was originally intended?

  • ag_ana
    ag_ana
    1Password Alumni

    @patrickj:

    Maybe 1Password is simply using different criteria from that which was originally intended?

    I am sure our developers will figure out what is causing this strange behavior after all :) In the meantime, thank you for your patience!

  • ag_ana
    ag_ana
    1Password Alumni

    Thank you for sharing your experience as well @sylath :+1:

  • PorterIV
    PorterIV
    Community Member

    I would agree with the original post. I am getting this even on the passwords you all have generated. The circle with terrible next to it only appears in the Mac app. None of these passwords show up as weak in the Watchtower and none of them have the same designation when logging on via the website. It is strange and disconcerting. There is just an empty circle next to the "terrible" so I wasn't even sure it was a rating. I would also say the "terrible" sounds a little harsh and you may want to stick with "weak"

  • ag_ana
    ag_ana
    1Password Alumni

    @PorterIV:

    Thank you for your feedback!

    I would also say the "terrible" sounds a little harsh and you may want to stick with "weak"

    The fact is, it's not a naming problem, but rather a visual bug. The passwords are probably strong, it's just a visual bug that does not update the strength meter properly in certain cases. It has nothing to do with the actual strength of the password itself, so changing the name of the rating would not solve anything :)

  • dbeauregard
    dbeauregard
    Community Member

    Hi, I am also seeing this issue in the OS X app v7.6. When adding existing passwords to 1password in the OS X app they show up as "terrible" and the wheel (that shows the relative strength) is all grey, no green. If I look at these same passwords online in 1password the green meeter is about 75% full (good). These are strong and unique passwords. Is it possible to file a bug report for the OS X app to get this fixed? Thanks - Derek

  • Hey @dbeauregard

    We do have a bug filed for this; sorry for the trouble. Hopefully we'll be able to get it fixed up soon.

    Ben

  • PatriciaW1943
    PatriciaW1943
    Community Member

    I used 1Password to generate a password for a site but the site had requirements that the generated password didn't meet so I modified it very slightly and now it is marked as terrible.

  • Hi @PatriciaW1943

    That isn't entirely unexpected. User generated passwords (which a modified generated password would be) use an entirely different calculation for the password strength rating. The reason for that is that we have no way of knowing the entropy (randomness) for such a password, whereas for unmodified generated passwords we do.

    Ben

  • PatriciaW1943
    PatriciaW1943
    Community Member

    It is a very good password ... very far from terrible. Most of my passwords are user generated and most of them are marked as good but nowhere as good as this terrible one.

  • grbtv1
    grbtv1
    Community Member

    There is a workaround that takes a few clicks but solves the aesthetic problem of a strong password labeled terrible: edit password - add any character to the end of the password - save - edit password - delete the character - save.

  • ag_ana
    ag_ana
    1Password Alumni

    Thank you for letting us know @patriciasullivan. This specific password might be ok, Ben comment was explaining the difference in general when it comes to manual password creation ;)

  • ag_ana
    ag_ana
    1Password Alumni

    Thank you for sharing @grbtv1!

  • slim
    slim
    Community Member
    edited August 2020

    I'm finding that the mistaken "terrible" rating occurs on my Mac, but does not necessarily occur in my account via a browser window. I just created a password that the Mac app says is "terrible," but the web page for that entry has the quality slider in the horizontal center, which seems appropriate. I don't normally edit there, but on Firefox, that's where the 1Password extension sends me to make edits.

    I can also verify that if I change it from within the app, the terrible rating is rejudged more appropriately.

  • Ben
    Ben
    edited August 2020

    Thanks @slim. I'm currently working with our development team to try and narrow down how / when / why this happens.

    One question that was asked is: is this happening with any newly generated passwords? Or is it only with passwords that were generated a while ago?

    It sounds like we have changes to how some of this works slated for v7.7. These changes will not affect any passwords already marked as terrible, but if any newly generated passwords seem inappropriately marked after that version is released and installed please do let us know.

    Ben

  • just1more
    just1more
    Community Member

    I've also encountered this issue and it seems to be related to the 1Password Safari Extension in my case.

    I generated a strong password (32 characters, including numbers and symbols) via the extension (Safari v14.0, 1Password extension v7.6), 1Password records the strength as terrible. If I use the native 1Password app to set exactly the same password it's rated as fantastic.

    I typically let the browser extension capture the details when creating a new account so all the new ones I've created lately show as terrible. Regenerating a new password in the native 1Password app and then pasting this value into the web application fixes the problem but that's a bit of a bummer to have to do each time.

  • Thank you for the report @just1more. If the problem persists after v7.7 please let us know. We have some improvements planned for that version that may help here.

    Ben

This discussion has been closed.