Different password strength rating for same item in browser vs. Mac app
Hi, I've noticed that when I view the same login via 1Password in the browser vs. 1Password in the Mac app, the password strength is rated differently. For example, my Amazon password is listed as "good" in the browser, but "terrible" in the Mac app. Have I set something up wrong? What accounts for the difference?
1Password Version: 7.2.2
Extension Version: Not Provided
OS Version: High Sierra (10.13.6)
Sync Type: Not Provided
Referrer: forum-search:different strength in mac and browser
Comments
-
Welcome to the forum, @grazedknees! My guess is that you may have copied the password, or manually edited/imported it from elsewhere? Calculating password strength is actually a lot trickier than you might imagine, given how many different ways there are to assess what relative strength means. When a password is copied or manually edited, we lower the score because we can no longer be sure how randomly it was generated, and we can't go on simply the number of characters.
We're at work on some refinements to the password strength evaluation, but for now, the best practice is to use 1Password's own password generator; since the entire point of 1Password is that you no longer have to remember the vast majority of your passwords, you can create long, truly random (and NOT memorable) ones, which are very strong.
0 -
Hi @Lars! Thanks so much for responding. I totally appreciate the difficulty of calculating password strength, and I definitely plan to switch things over to generated passwords over time. (I'm new to 1Password, so I'm just trying to get things into the system to start with!) The part I'm really curious about is the different ratings in the browser vs. Mac app, rather than the rating itself--are y'all using different calculations for password strength in different applications?
0 -
@grazedknees - yes, unfortunately. They were created by the app teams originally, not as a central resource. That's one of the things we're looking to change in upcoming updates, but as I mentioned earlier, accurately calculating password strength (or, rather, deciding upon a rational set of grounds upon which to base calculations) isn't as 1-2-3 as it might seem. It is on our radar screen, however.
0 -
@Lars, gotcha, that makes sense. Thanks for your help!
0 -
@grazedknees - you're quite welcome! :)
0
