Login still showing as "weak password" after generating a new password with 1Password

I used the Watchtower tool to identify weak passwords. I generated new passwords with 1Password (24 characters with numbers and symbols, unless the site had lesser requirements) and saved those passwords. Those logins are still showing as "weak" / "easy to guess" passwords though. Am I missing a step to make these passwords stronger?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:Weak password after generating a new password with 1Password

«1

Comments

  • Hi @ajacobs21e,

    Is there more than one password field on these items? Did the generated password get entered on the correct Login item? Does the last modification date show the change?

    Please let us know. :)

    Ben

  • ajacobs21e
    ajacobs21e
    Community Member

    Hi Ben,

    I checked the first 10 items in my Weak Passwords list. They all only have one password field and it's the generated password. The last modified date is correct.

    Thanks,
    Allie

  • ag_ana
    ag_ana
    1Password Alumni

    @ajacobs21e:

    Can you please share the exact steps that you are following to make this happen, from beginning to end, so we can try them here and see if we can replicate the issue? Thank you!

  • ajacobs21e
    ajacobs21e
    Community Member
    edited February 2020

    @ag_ana
    1. Go to weak passwords list in web app
    2. click 'open' on the website field
    3. go through that site's change password flow
    4. generate new password with 1PasswordX
    5. select 'save & fill'
    5. update login
    6. check weak passwords list in web app to see if that login was updated
    7. I can see the updated password, the nearly full strength bar, and the updated time is correct but I still see the warning message that the password is weak.

    I've since deleted 1PasswordX and am instead using the browser extension based on advice from other users. I just tried that flow again but this time for a reused password and everything seemed to work. The web app was updated almost instantly and that login isn't in the reused passwords section anymore.

  • kaitlyn
    kaitlyn
    1Password Alumni
    edited April 2020

    @ajacobs21e – Thanks for letting us know you were running into trouble, @ajacobs21e. I just gave your exact steps a try, and I wasn't able to reproduce the issue myself. After updating a password and immediately switching back to the tab showing Watchtower in the 1Password web app, the item with the updated password was no longer in the list of weak passwords. Do you recall if the password was 24 characters of letters/numbers/symbols, or did it have specific requirements that it needed to follow?

    I'm glad to hear that the companion extension is working out better for you. You have the option of using either that extension or 1Password X. If you're noticing the issue continuously creep up every time you edit a password, please let me know what website URLs you're noticing it with so I can attempt to reproduce it.

  • tom_shell
    tom_shell
    Community Member

    I'm also seeing this behavior on local installs. Not sure if there is some sort of significant lag in the sync or if there is just a bug. I have several logins with weak passwords that Watchtower identified on my Mac App, but all were updated to strong passwords. In fact, if I open the login, 1password indicates that the password is indeed strong. So why does Watchtower mistakenly ID this?

  • kaitlyn
    kaitlyn
    1Password Alumni
    edited April 2020

    Hi @tom_shell! 👋

    Thanks for getting in touch. This is the 1Password X category, so I just want to make sure that you're using 1Password X first. If not, just let me know. I'm still happy to help or pass you off to someone who can, but I want to make sure I'm testing the right apps first. I tested the steps to reproduce that the OP shared in this comment, but I'm still not having any luck in reproducing the issue. That said, you mentioned the 1Password for Mac app, which wasn't in the original report. If you could go as far as listing out the steps you're taking to reproduce the issue, it'd be greatly appreciated!

  • eelliott
    eelliott
    Community Member

    I'm having exactly the same issue (change weak password using same steps as prior user). Using 1P 7.4.138 on Windows, synced with iPhone & iPad. The new strong password (4 sets of words) is replicated to all devices and web, but shows on all devices & web as still "weak". This is after reboot of PC, restart of mobile devices, etc.

  • ag_yaron
    ag_yaron
    1Password Alumni

    Hey @eelliott ,

    Are you using 1Password X in your browser? Is that where you generate these passwords and save them? Or are you using the companion extension that connects to the desktop app?
    Also, your desktop app is rather outdated, so you might want to update it. Should be on 7.6.778.

  • eelliott
    eelliott
    Community Member

    Hi, I dont know what 1P "X" is?? I've only ever used desktop app (with companion apps on iPad & iPhone). I use the extension in Chrome & Firefox. Im at 7.6.779 on desktop app.

  • ag_ana
    ag_ana
    1Password Alumni

    @eelliott:

    1Password X is our latest version of the 1Password extension that runs entirely in the browser. Since you posted your comment in the 1Password X forum, we assumed that was the extension you were using.

    If you are running the companion browser extension, this is a known bug and our developers are aware of it :+1:

  • eelliott
    eelliott
    Community Member

    Ok thx, I had no notice of move to "X". How do I obtain/use this?

  • @eelliott

    Additional information can be found here:

    Get to know 1Password X

    :)

    Ben

  • eelliott
    eelliott
    Community Member

    Thanks Ben, I've swapped out the older extension for X on both Chrome & Firefox, will use this going forward.

  • ag_ana
    ag_ana
    1Password Alumni

    Sounds good @eelliott! :+1: If you have any other questions, please feel free to reach out anytime.

    Have a wonderful day :)

  • eelliott
    eelliott
    Community Member

    After using 1PX for a few days I have two comments/observations: 1) each time I go to use X I have to sign in with my Master Password. That is very clumsy (I did not have to do this with the old extension). As for security reasons I have a very complex Master Password it's difficult to sign in. I use fingerprint to log in on both PC and all mobile apps - usually only have to type in Master Password after a system reboot. Is there any way to improve this functionality? and 2) 1PX falsely detects fields in a web site that it thinks is a password field and pops up a drop down - that will not go away!! - preventing me from typing in the info I need to. Is there a way to "train" 1PX to not attempt to fill that field?

  • ag_yaron
    ag_yaron
    1Password Alumni

    Hey @eelliott ,

    1Password X cannot access your computer's fingerprint scanner (yet), so unlocking it with a Master Password is the only way to go.
    You can adjust the auto-lock timer settings by clicking 1Password X's icon on the top right corner of your browser and select "Settings". However, 1Password X will lock whenever you close down the browser completely, regardless of that timer. For 1Password X, when you close the browser it is like you are restarting the computer, since it is an extension that is limited to the browser's environment and cannot tell what happened after the browser was closed.

    As for the website where 1Password shows up even though it shouldn't - is it a public website? If so, I'd like to test it here and see what you are experiencing exactly so I can determine the best course of action, so do share the link if possible.
    In the meantime, here are a few suggestions on what you can do:

    • You can press the ESC key on your keyboard to dismiss 1Password X's inline menu when it shows up.
    • You can click the "Suggestions" section at the bottom of the inline menu when it shows up, then scroll down and select "Hide On This Page", which will make 1Password not show up on that website until the next browser restart.
    • You can go to 1Password X's settings and turn off the inline menu and suggestions (under the autofill section), but that will turn off the inline menu on all websites and might hurt your experience.
  • eelliott
    eelliott
    Community Member

    Ok thx for info. I will try the ESC sequence and see if that helps. The website is HelloFax. The login is fine, it's when I go to insert the recipient phone number that 1P thinks it's a password field and covers the field with the Suggestion drop downs.

  • ag_ana
    ag_ana
    1Password Alumni

    @eelliott:

    The login is fine, it's when I go to insert the recipient phone number that 1P thinks it's a password field and covers the field with the Suggestion drop downs.

    Thank you for the details. Do you have a direct link to a page where we can see a phone field?

  • eelliott
    eelliott
    Community Member

    https://app.hellofax.com/home/index

    (you may have to make a dummy acct to log in to get to this page as it's after login. I've included a screen shot.

  • eelliott
    eelliott
    Community Member

    I did try the ESC and that works. Thanks for the tip.

  • ag_yaron
    ag_yaron
    1Password Alumni

    Hey @eelliott ,
    Thanks for the update and additional info.

    I've tested this website and saw the issue you mentioned, it occurs because the field is defined as an email field (although it also accepts phone numbers, so it should be of type "text", strange design choice).
    I'm glad to say that our latest 1Password X beta contains an update that will prevent itself from showing up in that field, so the next update to the stable version of 1Password X will also contain that fix and hopefully you will be rid of that issue :)

  • eelliott
    eelliott
    Community Member

    Thx for continued vigilance. :)

  • ag_yaron
    ag_yaron
    1Password Alumni

    It is our pleasure :)

  • ajacobs21e
    ajacobs21e
    Community Member

    @kaitlyn I am still having this same issue. The password is showing as green / full strength bar but is still flagged as weak. Is there a fix for this yet?
    Screenshot with my personal data removed:

  • ag_yaron
    ag_yaron
    1Password Alumni

    Hey @ajacobs21e ,

    I tested what you are showing in your screenshot as follows:
    1. I created a new account with a new password using 1Password X on Pinterest and saved it.
    2. I checked the 1Password app on my Mac to see if it is marked as weak - it wasn't.
    3. I went into my account's settings on Pinterests and got to the "change password" page.
    4. I opened 1Password X, went to the generator and created a new 15 characters long random password with digits and symbols, then updated it on the website and saved it.
    5. I went to 1Password 7 on my Mac to see if it was marked as weak - it wasn't.

    Can you let me know which version of 1Password 7 you're currently running, and if the steps you took were any different than mine?

  • ajacobs21e
    ajacobs21e
    Community Member

    Hi @ag_yaron ,
    I'm using v7.7

    The majority of my passwords were imported from LastPass.
    My steps were
    1. go to my.1password.com and check my weak passwords
    2. update any weak passwords in the list
    3. check my weak passwords list again - they're still there, even after a page refresh and waiting

    It's possible that some of my passwords were generated by 1Password X but I would have to individually check them to know.

    Thanks

  • ag_yaron
    ag_yaron
    1Password Alumni

    Thanks for the additional info @ajacobs21e .

    Can you please be more specific on where did you update your weak passwords and how?
    Did you simply edit them on my.1password.com or did you open the 1Password 7.7 desktop app, edited the item and changed the password?

    When you say that the passwords were still there after editing, do you mean the previous passwords that you had before editing were still in place?
    If you can provide me with a step-by-step instructions on your exact actions and clicks (and where you perform them) so I can follow them and try to replicate what you are experiencing that would be best.

  • ajacobs21e
    ajacobs21e
    Community Member

    @ag_yaron are you able to see my comment from Feb 21?

    I went to each website and changed my password. I generated the new password with the 1Password browser extension and then chose the option to "update existing" login.
    When I go to view that new login on my.1password.com, I see the new password (24 characters long with numbers symbols etc) but it's still flagged as a "weak password".

  • kaitlyn
    kaitlyn
    1Password Alumni

    @ajacobs21e – Shoot! Sorry to hear that you're running into the same issue you hit earlier this year. That's a huge bummer, but I'm still unable to reproduce on my end. Would you mind sharing one of the website URLs where you're able to reproduce the issue? I'd like to attempt to create a dummy account and see if I can reproduce after following the same steps on the same website. Just to make sure we're on the same page, here are the steps I'm taking:

    1. Open https://my.1password.com and navigate to Watchtower > Weak Passwords.
    2. Click Open on the website field.
    3. Sign in to the website, and navigate to the password change form.
    4. Generate password with the 1Password browser extension (it sounds like you're using that extension rather than 1Password X now).
    5. Choose Update Login when the pop-up appears.
    6. Switch back to https://my.1password.com. I then see an error that says the item I had selected can no longer be found (because it's no longer considered a weak password).

    I tried the same steps with 1Password X, and I couldn't reproduce the issue there either. I get the same error as soon as I update the item.

This discussion has been closed.