10 character *minimum* on master password?

edited February 2017 in Families

I'm a full stack web developer...I understand that short passwords are not secure against brute force attacks. That said, I'm dumbfounded that there is a required ten character minimum on master passwords. Because of this 10 character requirement, I'm going to have to choose (insert name of 1password competitor here) instead of 1password.

Nobody on the planet is going to try and brute force my 9 year old daughter's master password. If she, or I for that matter, want to make her master password "kitty3" so that it's easy for her to remember then that should be fine. I don't understand the logic in 1password absolutely requiring a 10 character minimum. A big red warning "this master password is very insecure! you should use at least 10 characters!" sure, I can understand that. But 99.99% of the population is never going to have to worry about brute force (and I'm sure 1password has great brute force protection anyway, right?)

I understand you all at 1password want to make the internet more secure, and that's great. But by not making your password manager accessible it would seem you're doing the opposite?

Rant over (...and now I'm off to (insert name of 1password competitor here))



  • prime
    edited February 2017

    Anything under 10 characters is bad. There are so many ways a kid can remember a master password.

    If you get 1Password for families, you can recover her account too if your child forgets their password.

  • brenty

    Team Member
    edited February 2017

    @familycantuse: Indeed, and if your daughter has a parent like you who thinks about these things, don't underestimate her capabilities! Children are so much more advanced today than when I was a kid. They understand Snapchat! :lol:

    But in all seriousness, remembering a long, strong, unique Master Password is, unfortunately, an important life skill in today's day and age, and 10 characters is a good start. Of course, when our children are not using online accounts yet, then this is obviously less important. But then they really don't need a password manager at that stage either. ;)

    And, as prime mentioned, keep in mind that with 1Password Families (or Teams, but that may be overkill), an Organizer (yourself, or someone else you promote) can perform recovery in the event that a family member forgets their Master Password. So while we're not going to build 1Password with the assumption that "99.99% of the population is never going to have to worry about brute force", we've designed it so that there are ways you can help your family members who run into trouble. :)

  • I just find it interesting that you're forcing your customers to do something they may not want to do, assuming they all have the same level of security requirements, rather than give them the relevant information ("warning: passwords less than X characters long can theoretically be cracked in less than Y years of computing power") and letting them make their own choice. Off to a different password manager it is for us :/

  • Frank

    Team Member

    Hi @familycantuse - I'm sorry to hear that. I understand where you're coming from having children of my own. We strongly believe this is the right approach to better protect our customers. Thank you for taking the time to share your feedback with us.

  • Actually 10 characters or less can be hours, not years to crack.

    As I suggested, have your child make a sentence or something. It's actually very easy to do this.

  • Frank

    Team Member

    Thank you for the advice and assistance @Prime :+1:

  • @Frank anytime! My bill will be in the mail lol

  • Frank

    Team Member

    @Prime, Tears of laughter :'( Thank you for that and I will remember to forward it to Dave. Enjoy the rest of your day!

This discussion has been closed.