1P8 Password Generator Strength Good versus Fantastic

Hi @BobArch2! Thanks for reaching out about this - I'm glad to hear that all is well, and you've been able to figure out a method to maintain a Fantastic rating for your ISP-related passwords. If you have any further questions or concerns, let us know! 😄

Thanks for the assist here in providing the relevant information Former Member!

Former Member A bit of background. I have worked in the tech (computer) environment since 1958. I have had PCs since the introduction of the IBM beast in 1985 and have used various spreadsheets since that time. Currently Excel, from the time it was introduced. I use Excel to capture all information about web sites needing passwords. And in a secured home environment behind firewalls to protect from intrusion. This activity started before I subscribed to 1Password.

It was April 2014 when I subscribed to 1Password … 1Password 3 for Windows v1.0.xxx. With my annual subscription, I have upgraded over the years and I am running current versions on my PC, iPad and Android phone … all well protected.

I can fully understand the two rating algorithms but was having difficulty maintaining a “Fantastic” rating with the various passwords I have with my ISP - Bell Canada. Yesterday, I stumbled on the procedure to use in order to maintain the “Fantastic” rating. All is well in my world. :-)

I have full faith in 1Password … best in class in my opinion. Using Excel to keep information handy is a form of backup.

Respectfully,

Bob

@BobArch2 Storing your credentials in a spreadsheed "for reference" is horrible from a security point of view. And it's tedious, probably unneccessary work. It seems you don't actually trust a password manager to keep your credentials safe.

The reference I posted tells about the rating of a password directly created inline in the password field of the 1Password app. Not a password that was generated inline, copied somewhere, and pasted back. The moment you paste a password into the password field (or edit the password) the password loses its property of being "generated from true random charactes" to "unknown, if generated from random characters", because pasting a password doesn't copy this informating along, and this is what the rating lowers.

If you paste a password, the rating function doesn't know if the pasted password was once created using true randomness, so it cannot give the best rating. If you create the password inline with the integrated generator and directly save this created password, the rating function knows that the integrated generator was used to create this password, the generator uses true randomness, and this is what it enables the function to give a better rating.

Former Member Thanks for the link feedback. Too bad a 1:1 copy of the password does not merit the same rating descriptive. I maintain a spreadsheet of all my passwords, current and past for each of my 200+ web accounts. I use the generator to create an appropriate PSW for the web site and store it in the spreadsheet for future reference. I sometimes use it as a backup if I have an issue with the web site. Later on when in 1Password I have noticed that the rating is downgraded. I was thinking that perhaps 1Password have or had modified the rating algorithm.

Thanks again…

@BobArch2 I once asked the same question, and this was the answer that explained the behavior of the password rating that appears strange, but is mathematically correct:

https://1password.community/discussion/comment/617005/#Comment_617005

tl;dr:
You don't even need to change some character. You can just copy and paste a generated password verbatim from one entry to the other. The generated password in the original entry is rated fantastic, the copied password (1:1 the same) is rated excellent, and from a mathematical point of view, both ratings are correct!

AliH1P and ag_mike_d ... is there still an issue regarding the password strength indicator when using the 1Password Generator vs a user defined password? Example: I use the generator to create the password, save it in the app and it shows as Excellent or Fantastic. Then I edit the password and replace, say an upper case character with a special character and after saving it the strength is downgraded. I am running 1Password v8.9.10 on Windows 10 Pro fully updated

Hooray!

Hey nukmicah, thanks for sending along that JSON file. I was able to reproduce this issue on my Android device and worked with our team to identify the cause. I've filed an internal issue for our developers to investigate further and get this fixed in a future update! We greatly appreciate you bringing this to our attention 😄

Let me know if there's anything else we can help with!

Ali

ref: dev/core/core#17426

My home computer is working as expected, too. So it's just my phone that has the issue. And then your explanation of the difference between an auto-generated password, and an auto-generated password that's manually copied into another entry.

Details are not confidential, since I am testing with brand-new logins. I am not able to reproduce the behavior on my Windows work computer (I get Fantastic strength for the autogen passwords), but am able to reproduce on my Android phone and have copy-pasted the JSON below. Again, it's not anything private or sensitive.

If you do have to delete this info just in case due to whatever policies you may have, should I send this to mailto:support+android@1Password.com or still mailto:support+windows@1Password.com?

I am on my work computer right now, but I originally tested this on my home computer so I'll try to remember to test on that again this weekend. It's quite possible I manually entered the password after taking that screenshot, as I never would have guessed you to automatically rate generated passwords higher than regular passwords.


{
"overview": {
"title": "Phone test",
"ainfo": "—",
"ps": 57
},
"details": {
"fields": [
{
"value": "@F_X!uc937_@*",
"id": "",
"name": "password",
"type": "P",
"designation": "password"
}
]
},
"createdAt": "2022-09-09T17:40:06Z",
"updatedAt": "2022-09-09T17:40:06Z",
"faveIndex": 0,
"trashed": "N",
"templateUuid": "001",
"uuid": "6fons7pedkon4d2g6o3ku7gxau"
}