Skip to main content
July 9, 2025
Solved

Password strength: fantastic vs. excellent for same password

  • July 9, 2025
  • 2 replies
  • 280 views

I have accounts on Wikipedia and Wikimedia. They have the same password. 1Password rates that password as fantastic for the Wikimedia entry but only excellent for the Wikipedia entry. Any thoughts on this?

I would love to turn on 2FA for these accounts but 2FA seems only available to certain classes of users on these sites.

 

Best answer by 1P_SimonH

Hi @wurbaniak 👋

Good question that I had to do some asking around to figure out! 

Part of the strength calculation is based on a password being randomly generated within 1Password. Is it possible you randomly generated the password for one of these items, then copied the password and pasted it into the other item? If so, even that act of the password being typed/pasted in and not being another randomly generated password is calculated as being less strong. If you want to learn more, there's an interesting blog post about this!

2 replies

1P_SimonH
1P_SimonHAnswer
Community Manager
July 10, 2025

Hi @wurbaniak 👋

Good question that I had to do some asking around to figure out! 

Part of the strength calculation is based on a password being randomly generated within 1Password. Is it possible you randomly generated the password for one of these items, then copied the password and pasted it into the other item? If so, even that act of the password being typed/pasted in and not being another randomly generated password is calculated as being less strong. If you want to learn more, there's an interesting blog post about this!

AJCxZ0
July 10, 2025

How do we determine if a password was recognised as being generated by the 1Password client, distinct from passwords generated by the 1Password client but copied and pasted (e.g. due to broken signup or password change processes) or passwords created elsewhere?

1P_SimonH
Community Manager
July 14, 2025

Hey @AJCxZ0,

Correction: There is a way to see where the password originated by looking at the JSON data.

The JSON will contain all of the item in a 1Password item including your password, DO NOT send the item's JSON to us, post it in the 1Password Community, or save it in a file on your device as that means the password (and all other data in the item) will no longer be protected by 1Password.

  1. Open and unlock the 1Password app.
  2. Go to 1Password’s Settings (click on the 1Password menu in the top-left then click Settings).
  3. In the new window select Advanced.
  4. Enable "Show debugging tools."
  5. Go to the item you want to know about in the main 1Password window.
  6. Select the more items menu button (it is the three dot menu in top-right of the item view).
  7. Select "Copy item JSON."
  8. Paste that JSON somewhere secure (like in a Secure Note in 1Password) and review it.

In the JSON data, the pgrng being set to true tells you the password was generated by us and the pbe value is the password score based off that generator.

wurbaniakAuthor
July 10, 2025

I only have two instances of reused passwords. Wikipedia/Wikimedia is one: the Wikipedia user gets sent to Wikimedia to change passwords. The other is my local water company and their billing company.