please add a preference to toggle visibility of ratings generated by 1Password

JimmyMtl
JimmyMtl
Community Member

Every password I generate with 1Password shows Fantastic but when it’s used for a brand new login, and a subsequent entry is made for the login, the same password is marked as either duplicate or as Terrible.
This is annoying because I've been using 1Password for twelve years and all my passwords are excellent or fantastic and I respectfully disagree that your algorithm should consider provenance in it’s evaluation.

Many websites create new user accounts on a subdomain different from the principal or login domain. Just because 1Password doesn't know that it didn't create the password is not a good reason to mislabel a password Terrible. In fact, it undermines the whole process of teaching users what a good password looks like and giving them confidence in using a password manager. Just try explaining to an elderly family member why their password is Terrible. Oh the program just says that, you can ignore it is an unacceptable answer.

Since this has been an ongoing issue since at least February 2019 https://discussions.agilebits.com/discussion/101712/why-is-this-a-terrible-password, please consider a adding a preference setting to toggle the visibility of the arguably worthless ratings generated by 1Password.


1Password Version: 7.6
Extension Version: built-in
OS Version: 10.14.6
Sync Type: iCloud
Referrer: forum-search:How can I disable password rating?

Comments

  • Ben
    Ben
    edited September 2020

    Hi @JimmyMtl

    There are a few issues here leading to what you're seeing:

    1. Workflow: It sounds like you're making this harder on yourself than necessary, and also ending up with duplicate records as a result. Would you mind walking me through the steps you're taking where you're ending up with both a Login item and a Password item? You may be able to save yourself a number of steps and also avoid this situation with a modified workflow.
    2. Bugs: Currently 1Password doesn't always clean up Password items when saving the same password that was generated onto a Login item. It should be doing this, and we hope to fix that soon. Additionally, if you copy a password, the entropy (randomness) value isn't currently preserved. So if you copy it from one record and paste it on another that data is lost and the rating will suffer as a result. Again we hope to have this fixed up soon, though it won't correct the issue for any existing entries — only new entries going forward. In the case of existing entries, once the fix is implemented, you'd have to generate a new password in order to get a new rating.
    3. Duplicates: This one isn't a bug. If you have the same password saved on multiple items in your database, 1Password it supposed to consider them to be terrible regardless of any of their other characteristics. This is there to try to discourage password reuse (e.g. Your Google password should not be the same as your Facebook password). If there is a bug in this... it is that both passwords should be marked as terrible, not just one.

    Please let me know re: #1. Thanks!

    Ben

  • JimmyMtl
    JimmyMtl
    Community Member
    edited September 2020

    Hi Ben, let’s go in reverse order:

    3) agreed — duplicate detection is clearly a great thing; however, when the password entity is generated by 1Password for use, it’s a password “key icon” entity in the list. If the user then creates a new login with that password, and fills it in using the extension and the “find”, it results in two entries (a password and a login) both of which show Fantastic. Yay (for now, it may not last, see item 1 below).

    2) The entropy isn’t preserved if it’s copied — this is perhaps the heart of the matter. There ought to be a method of determining how random a password is without knowing it came from the 1P engine. It can’t be perfect, but there are other ways to generate random passwords — methods which some might argue are as good as or better than 1P’s (using the new 25-dice shaker for example). I’m completely pleased with the quality of randomness in 1P, so I stick to it for PW generation. Copying isn’t always avoidable. When? On iOS… there have been times I’ve tried signing up on an application (Zwift, Kinetic, Peloton, etc. Apps) and ended up generating the PW in the 1P App or going to the Mac, generating a PW, and then copy/pasting it into the login because, for whatever reason, the iOS password integration doesn’t always work during signup even when it works later on for sign in.

    1) I may be making it harder on myself — that’s highly probable 🙂.
    Using Safari on MacOS, go to wordpress.com and log out if you're already a user.
    Create a new account https://wordpress.com/start/user
    Use 1P to generate a new password.
    No login has been generated yet since you haven’t logged in.
    In your email, click the verify email link.
    Now you can log out of the Wordpress site.
    Next, log in: https://wordpress.com/log-in
    Type in your email or username.
    For the Password, use the 1P extension to find the new password and fill it.
    Before proceeding, using the 1P extension, create a new Login.** * **
    Yeah, all should be fine. Even in 1P, it seems Fantastic.
    Log out. Go back to the sign in page: https://wordpress.com/log-in
    Fill in the credentials with 1P. It should work.
    Log out. Repeat, only this time, change the email or username for the other one (I switched email to username).
    Using the 1P extension, UPDATE an existing login.
    And now the password is Terrible.

    ** * **Instead of creating a new login, is there some way to convert the first password entity to a login entity? I’ve done it in the past, but the icon associated isn’t the one for the site. This is the reason I invariably use the “new login” option because it’s a heckuva lot easier to find passwords when the icons match the site into which I’m logging.

  • JimmyMtl
    JimmyMtl
    Community Member
    edited September 2020

    Don't use asterisks to bold a single asterisk. It seems to confuse the heck out of the comment system. 🙂

  • @JimmyMtl

    My apologies for the delayed reply. These are the steps I would suggest reconsidering:

    Type in your email or username.
    For the Password, use the 1P extension to find the new password and fill it.
    Before proceeding, using the 1P extension, create a new Login.** * **

    Instead, open 1Password for Mac, find the Password item created, and use the Convert to Login button to change this item into a Login. Add the username/email as appropriate when doing so. Then you can fill this Login on the sign-in page.

    I’ve done it in the past, but the icon associated isn’t the one for the site. This is the reason I invariably use the “new login” option because it’s a heckuva lot easier to find passwords when the icons match the site into which I’m logging.

    I wasn't able to reproduce that. When converting the Password item to a Login item the site's icon appeared as expected:

    If you mean the Password item doesn't have an associated icon... I find sorting my items by Date Modified in 1Password for Mac makes it much easier to find what I'm looking for. If what I want wasn't recently modified, I search, rather than scrolling.

    Just some tips that may or may not be helpful. :+1:

    Ben

This discussion has been closed.