Forum Discussion
Former Member
3 years ago
Password re-assessed from "Fantastic" to "Terrible" by Watchtower
Hello,
This message is rather meant as information for 1Password users than a question (as the topic was discussed this week with 1Password support via email).
Last year I created a password for my broker account using the 1Password engine. Because at least 1 number and 1 capital letter were required, I added a number and changed one letter to a capital. This week I recognized that the password is assessed as "Terrible" by the 1Password Watchtower (see the screenshot).
The initially generated password was "qigwu-rizxev-kapcun". After modification, it changed to "qigwu7-rizxeV-kapcun". In this case, the modification should keep/upgrade the password, not downgrade it to "Terrible" (in my opinion).
I contacted 1Password support and got the reply: "...if you type your own password, modify a generated password, or even copy a generated password from another source and add it to 1Password yourself, the rating will go down because 1Password has no way of knowing that it's truly unique and random." I am not of this opinion in this particular case. To be assessed as "Terrible" you need a password like "house" or "123456". That's far away from "qigwu7-rizxeV-kapcun".
I believe there are 3 options:
1. The 1Password engine generates weak passwords, and Watchtower correctly assesses low password quality (that would be scary).
2. Modifying or inserting your own password leads to an assessment of "Terrible" because 1Password has no way of knowing that it's unique and random.
3. There is a bug in the Watchtower assessment algorithm - even strong passwords are assessed (at least in some cases) as "Terrible".
I am not a crypto expert, but I think the 3rd option is correct. Still, it was not confirmed by the 1Password team (although I raised it). I have created a test login in 1Password and inserted my "Terrible" password "qigwu7-rizxeV-kapcun". It was assessed as "Fantastic" (see below). The same password is assessed (at the same time) as "Terrible" and "Fantastic". I guess there is some improvement opportunity. If so, users should not be automatically stressed if a password is assessed as low-quality.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided