Lower Master Password requirement [minimum is 10 characters]

SystemSystem

Team Member
This discussion was created from comments split from: change suggested password length.

Comments

  • A slightly similar request for the master password. I noticed recently that my mother is pretty much reusing the same password for all the services she is registered to (she actually is using 2, where one of them is all numbers, which she uses whenever she can get away with it). So I'm trying to get her to use 1password so she can use the one password she can remember to unlock 1password and then different passwords can be used on different services. The problem is that the one password she remembers is 8 letters long and is too short to be used as the master password. I wish there was some option to let me override the rule for the master password knowing that it's less safe because her current practice is way more dangerous without it.

  • brentybrenty

    Team Member

    @muhhy: I've moved your comment to a new discussion since it doesn't relate to the Suggested Password feature in 1Password X.

    We don't have any plans to change the 1Password service to allow weaker passwords than 10 characters. Give your mom some credit: if she can remember eight, I bet she can remember two more! ;)

    But in all seriousness, if we allow for weaker passwords than that, it would affect many more people, who would take the opportunity to use a weaker password than they would otherwise. And, frankly, it may be irrelevant anyway since any Organizer in your 1Password Families membership (you, I'm guessing, for example) would be able to help a family member recover their account even if they forgot their Master Password.

    I know that's not the answer you were probably looking for, but I hope it helps. :)

  • BenBen AWS Team

    Team Member
    edited April 9

    Too add to what brenty mentioned, this guide has some tips that may help:

    How to choose a good Master Password | 1Password

    For example it may be easier to remember words than it is to remember characters (e.g. bloom-statuary-softly-unlike vs 06xJ6Mnw1wy). The trick is to use random words. Generally I recommend a Master Password of at least 16 characters, so even 10 is quite low.

    Ben

  • @brenty: Yes, I agree. I don't doubt that my mother can remember 2 more characters. I even can care less if she writes down the master password on a post-it note and sticks it to the wall, where not too many people outside the family can see, as long as she stops using the same password online over and over again.
    The thing is, she’s not willing to do so since she has already made up her mind to choose the same password whenever a password field is given.
    I guess I have to talk her into adding 2 more letters, or just type in the password twice or something. But I hope you understand how people can get stubborn with their habit especially when they're old and want to make excuses not to break it.

  • BenBen AWS Team

    Team Member

    I understand, but I hope you likewise understand that we can't lower the password strength requirement, potentially lowering the security of 1Password, for the stubbornness of a handful of customers.

    Ben

  • brentybrenty

    Team Member

    I definitely understand stubborn. :lol: It really depends on the person, but for some people (myself included), Ben's suggestion above for using a random word-based password feels like remember fewer things -- e.g. 4 words versus 10 characters. Some people use Master Passwords made of up random characters of course, and use mnemonics to remember them (i.e. making up a story to go with it or something). The important thing is using a strong password that you can remember, and there is no one way of doing that. We just don't want to facilitate people using super weak passwords. :)

  • Have her use the ingredients of her favorite recipe.

    "1cupbrownsugar"

    You could even hide it in plain sight. Have her copy it and paste it from a note of other recipes.

  • ag_anaag_ana

    Team Member

    @Zoup There are several ways to achieve this, but I agree that in general, remembering a longer word-based password is much easier than remembering a shorter random combination of characters :)

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file