Strong passwords categorized as weak

Options
Doomro
Doomro
Community Member
in Mac

Hi!
In my Watchtower, I have several passwords that are categorized as "weak" even though they are random password of 21 characters generated with 1Password. I tried changing one of them with a new 24 characters password and I still have the same behavior.
I see that both on the desktop and the web version.

I also found some inconsistencies where some passwords are vulnerable on the web version and not on the desktop one.

Thanks!
Quentin

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Doomro
    Doomro
    Community Member
    Options

    This is the whole scenario on how that happened to several of my passwords:

    • I switched from Dashlane to 1Password
    • I imported around 100 passwords that for the most part wer weak
    • I also added some other weak passwords by logging in on websites and also manually
    • I used the watchtower to detect the ones that are weak and changed them all
    • At the end most of them disappeared from the weak category but some remained even with a strong password.
  • ag_ana
    ag_ana
    1Password Alumni
    Options

    Hi @Doomro! Welcome to the forum!

    What version of the 1Password app is this happening with?

  • Doomro
    Doomro
    Community Member
    Options

    I just updated to
    1Password 7
    Version 7.4.3 (70403002)
    1Password Store
    and have the same issue

  • ag_ana
    ag_ana
    1Password Alumni
    Options

    @Doomro:

    Out of curiosity, when you select one of these items, does the password strength next to the password field show that it is strong, or do you see the weak indicator even here, and not just in the Watchtower warning?

  • Doomro
    Doomro
    Community Member
    edited February 2020
    Options

    The password strength is weak. I have 7 passwords in that situation right now.

  • ag_ana
    ag_ana
    1Password Alumni
    Options

    @Doomro:

    What version of the 1Password browser extension did you use to generate these passwords?

  • Doomro
    Doomro
    Community Member
    Options

    I have 4.7.5.90. I just tried again, changing my password with a generated one for one for my 7 weak passwords and it is still categorized as weak.

  • ag_ana
    ag_ana
    1Password Alumni
    Options

    @Doomro:

    Thank you for the confirmation. I am not able to reproduce this issue on my machine, so I have reached out to the team to see if someone else has seen this, or is able to reproduce it.

  • Doomro
    Doomro
    Community Member
    Options

    I tried deleting the item completely from 1Password and adding it back with the same password and it is not categorized as weak anymore. Even though it is exactly the same fields.

  • ag_ana
    ag_ana
    1Password Alumni
    Options

    @Doomro:

    Thank you for the update. That is interesting, but I am glad to hear that this helped at least. I will reach out to you if I hear an update about the behavior you originally saw.

  • Doomro
    Doomro
    Community Member
    Options

    Thanks!
    Other thing I have noticed if that I have 2 passwords that are vulnerable on the web version but not on the desktop one. Therefore, they are marked as weak on the web and not on the desktop one. (I have tried up updating the compromised websites list)
    Moreover, weird thing, I cannot see the password strength for those 2 passwords on the desktop app, the indicator is not there.

  • Doomro
    Doomro
    Community Member
    Options

    Also, now I have one strong one marked as weak on the web version but not on the desktop one.

  • Ben
    Ben
    Options

    @Doomro

    Thanks for the update. We'll continue to investigate this situation. For the short term I'd recommend saving a new login item for the affected websites:

    How to save a Login manually in your browser

    If you do that, do the password strength indicators appear?

    Ben

This discussion has been closed.