Password strength meter does not seem to recognise if password and username is same.

ernestjw
ernestjw
Community Member

I have a few accounts which are unimportant to me. Usually because they are internal or because the are meant for testing. For one of those I used for the username an email address and for the password I used the same.

Now this would be very unsafe in most situations, however 1password does not see it as such, it even tell me the password strength is excellent!!

cheers,

Ernest.

Comments

  • ernestjw
    ernestjw
    Community Member

    Note: this is also so on windows.

  • sjk
    sjk
    1Password Alumni

    Hi, @ernestjw.

    Thanks for reporting this issue. I've added it to our tracker, plus a related idea:

    Maybe the Weak Passwords Security Audit could have a special section to identify items with passwords that are also being used as usernames (and possibly in other fields)?

    The intention is to determine if passwords from any items are reused as usernames for those and other items. These passwords aren't necessarily weak on their own. It's their reuse in other contexts that potentially weakens them.

This discussion has been closed.