Forum Discussion

dhalonen's avatar
dhalonen
Occasional Contributor
2 months ago

Password entropy

I would like to see the password entropy when creating a password. For example,

What is the strength of this? Consider this article: https://blog.syss.com/posts/passphrases/

It would be very helpful to have some confidence of the strength. Note this password generator doesn't provide any sort of length information. While the specific length may reveal too much information, if this could at least provide a some idea what the entropy is, its better than nothing. Even the character count of the generated password is good feedback.

As it is, this feature is designed for novice users and doesn't provide significant confidence when looking for fitting in with technical requirements. 

Finally, this random password:

was generated by 1Password. Rather than simply putting "Weak", given that the generation specs were known, it would be really helpful to include the entropy alongside of this. How "weak" is "weak"?

Thank you for the consideration.

authentication
checks
feature request

1 Reply

  • 1P_Dave's avatar
    1P_Dave
    Icon for Moderator rankModerator
    10 days ago

    Hello dhalonen​! 👋

    Thanks for the suggestion! 1Password uses a two step process to calculate password strength:

    1. We use zxcvbn to calculate the order of magnitude of the number of estimated guesses it would take to crack that password.
    2. We then map the result from step 1 to our own score with higher being a stronger password.

     
    This creates a password strength classification that tells you whether you should change the password to something stronger. While I'm not aware of any plans to add an entropy calculator/notification, I've passed your feedback along to the team internally. 

    -Dave

    PB-52111634