What password for multiple mobile devices

Options
Jo_ann77
Jo_ann77
Community Member
in iOS

I am using 1pw for a while now and I love it.
I have no knowledge on the technical side of it, but perhaps just the lack of knowledge can give a different side on a subject from nerds like me.
So here comes my dilemma
After generating my 1pw (6) and recently added a extra security/difficulty layer to it by making a extra pw using diceware.
Diceware offers several languages so to make it even more difficult imho.
I feel this combines the best of both worlds.
Now here comes the q'n.
Is it a good idea to use part of my current 1pw for my mobile devices lets say 4 words.

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Ben
    Ben
    Options

    Hi @Jo_ann77

    Re-using any significant portion of a password is likely inadvisable, though some folks do use the same password to unlock all of their devices. The consideration there is whether you’d want someone who has the ability to unlock any one of them to be able to unlock the rest.

    Ben

  • Jo_ann77
    Jo_ann77
    Community Member
    Options

    Hi Ben,
    Hmm i was afraid this answer woud come.
    I find it very difficult to remember my 1pw and remember a new one at least 5 words long.
    At this moment I don't know what is wise to do.
    There Is the well known balance between rational and practical.

  • Ben
    Ben
    Options

    @Jo_ann77

    To clarify: we’re talking about the Master Password to unlock 1Password on these devices, and not the password to unlock the device itself? The Master Password to unlock 1Password should be the same on each device assuming you are signed into the same 1Password membership account on each, or are syncing with the same 3rd party service on each.

    Ben

  • Jo_ann77
    Jo_ann77
    Community Member
    Options

    Im puzzled to be honest due to my lack of good English, but it try again.
    It's about my master password not my 1pw.com pw but the one from my starter kit.
    So again should i use my full master password as my pw to unlock my mobile devices or just a part of my master password.
    Sorry to ask again

  • Ben
    Ben
    Options

    No problem. I’m sorry we’re having a bit of a language barrier. What is your native language? We may have someone on the team that speaks it and could better assist.

    It's about my master password not my 1pw.com pw but the one from my starter kit.

    Unless there is a configuration problem with your devices these passwords should be the same. Your 1password.com password should be what is listed in your starter kit / Emergency Kit, and that is the password that should unlock 1Password on each device. Can you please check if you have a Primary vault? In 1Password for Mac you can check this in 1Password > Preferences > Vaults or by using the vault switcher in the upper left hand corner of the main 1Password window. If you do have a Primary vault then 1Password unlocks using the Master Password of that vault, which may be (and likely is) different from your 1Password.com account password. For this reason we recommend not having a Primary vault, unless necessary.

    Ben

  • Jo_ann77
    Jo_ann77
    Community Member
    Options

    Im dutch sorry
    I think I now read the problem.
    It's not that I have a login problem with my mobile devices that all works fine so is the automatic filling of the sites I visit
    The q'n was (sorry it's my mistake) I want to use a password to enter my mobile devices (3) and what password should I use for that.
    So my master password has 7 words should I use the full 7 words as a login pw for my mobile devices or a part of that master pw say 4 words because this master pw is now chiseled in my brain and a new good strong pw is making things only more complicated. this is my qn

  • AGAlumB
    AGAlumB
    1Password Alumni
    Options

    @Jo_ann77: I understand. We recommend using the same Master Password everywhere. That will help you remember it, and also get used to typing it. But I will say that if you're using 1Password to generate a random word-based password, 7 words is overkill. So far no one has been able to guess a random three word password with the aid of powerful computers, and our recommendation for Master Passwords is four, as that's exponentially stronger. So if you've already got a long, strong, unique Master Password composed of 7 words chosen randomly, you may want to consider changing it to be only the first four words, since it sounds like you have already memorized that. Let me know what you think. :)

  • Jo_ann77
    Jo_ann77
    Community Member
    edited August 2018
    Options

    @brenty
    Ah finally the answer i was looking for
    The reason why i went for the six + diceware combo was that there is so much valuable info stored in my 1pw vault that i did my best to make it as difficult for the intruders as i could
    Again i have no technical knowledge and the link was fascinating to read, but Lets say using 7 pws gives me a bit of buffer as technologie increases all the time so is cracking pws
    Thanks for the info and making such a fantastic product it`s more and more becoming clear to me why so many people highly advised 1pw
    Now i know why 👍

  • AGAlumB
    AGAlumB
    1Password Alumni
    Options

    @Jo_ann77: Thanks for the kind words! Indeed, we're really passionate about this stuff. It can also be a bit counterintuitive to use a weaker password, but I'll try to offer some perspective. This is the entropy we get (possible password combinations*) with 4 words:

    log2(18000) = 14.135709286 <- bits of entropy per word (list is about 18,000 words long)
    14.135709286(4) <- length of password (number of words)
    = 56.54283716 <- bits of entropy total

    Because 1Password slows down guessing by using complex math that computers cannot accelerate efficiently, we're still talking centuries for someone to guess a four-word Wordlist password. That calculus can change over time, but we can also make changes to 1Password to compensate. For comparison, six words is 84 bits of entropy, which pushes it into the millions of years at least. And since we'll all be dead in either case, the one that's easier to remember and type which is still more than strong enough is a good option, I'd say. But that's me. More on that later.

    *Note that with all of this, I'm referring to 1Password's Wordlist option for generating passwords. Diceware is a bit different.

    You're right that having a buffer is good. I think that hundreds of years is a pretty good buffer, but we all need to decide for ourselves just how high we need to set the bar for our own security. Personally, I use seven-word passwords for a few things that I don't use often since I don't want to ever be bothered with changing them. But for my 1Password.com account's everyday Master Password, I'm using a much shorter one because it's more than sufficiently strong (centuries, again), and I can change it at any time if the technological landscape changes such that what I'm using now is no longer sufficient (but again, we can also make changes in 1Password to make it harder for attackers too). Anyway, just some food for thought.

    Now, coming back full circle, I have to ask: do you have a Primary vault on any of your devices? Those would be local vaults completely separate from a 1Password.com account, so that could cause some confusion for you if you're using both. Let me know and I'll be happy to help. :)

This discussion has been closed.