Master password strength

On this URL: https://support.1password.com/strong-master-password/ you state the following:

"Your Master Password doesn’t have to meet any “password requirements”. If you’re not comfortable using numbers, symbols, or capital letters, don’t."

You lied. I am forced to make a password that's at least 10 characters in length. That's you password requirement. Because that master password never gets transmitted, I should be able to use a password that's only 1 character if I want to. Forcing users into a 10 character password is evil.

Plus, you lied to us. How can I trust you again?


1Password Version: 7.3.1
Extension Version: Not Provided
OS Version: 10.14.6
Sync Type: Not Provided
Referrer: forum-search:master password

Comments

  • MeekMeek

    Team Member

    Hi @jyork23,

    You're right - we should clarify that in the support page. I will talk with our docs team about making that happen.

    While you're correct that your Master Password is never sent to the server, it is used in conjunction with your Secret Key to encrypt your data. If you were to use a Master Password of 1 character, your Secret Key would help strengthen that encryption on our server so that if we were ever breached your data would still be safe. However, if someone gained physical access to your device, the Secret Key is stored locally on that device (this is why you only need to enter it the first time you sign in on a new device). As such, it is only your Master Password that is protecting your data locally on your device - this is why we have a requirement of at least 10 characters, to protect your local data.

    Thank you for pointing out this discrepancy in the support article, we'll get that fixed up!

  • khadkhad Social Choreographer

    Team Member

    Hello again @jyork23,

    Just wanted to follow up on this and let you know that I’ve corrected that paragraph. The original didn’t say anything about length, but I can understand the confusion. What was written there wasn’t conveying what we intended. This is what we meant when we wrote it, and the article has been updated to reflect that:

    Your Master Password doesn’t have to meet any specific requirements for numbers, symbols, or capital letters. If you’re not comfortable using them, don’t.

    We regret the error. Thanks for reporting it.

    Have a great rest of your week!

    —khad


    Khad Young
    Documentation and User Assistance Lead, 1Password
    https://support.1password.com/

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file