wurbaniak
New Contributor
5 months ago
Solved

Password strength: fantastic vs. excellent for same password

I have accounts on Wikipedia and Wikimedia. They have the same password. 1Password rates that password as fantastic for the Wikimedia entry but only excellent for the Wikipedia entry. Any thoughts on this?

I would love to turn on 2FA for these accounts but 2FA seems only available to certain classes of users on these sites.

 


5 Replies

  • wurbaniak
    New Contributor

    I only have two instances of reused passwords. Wikipedia/Wikimedia is one: the Wikipedia user gets sent to Wikimedia to change passwords. The other is my local water company and their billing company.

  • 1P_SimonH
    Community Manager

    Hi wurbaniak 👋

    Good question that I had to do some asking around to figure out! 

    Part of the strength calculation is based on a password being randomly generated within 1Password. Is it possible you randomly generated the password for one of these items, then copied the password and pasted it into the other item? If so, even that act of the password being typed/pasted in and not being another randomly generated password is calculated as being less strong. If you want to learn more, there's an interesting blog post about this!

    • wurbaniak
      New Contributor

      Yes, I did that. I used 1Password to generate it for one account and then I knew I needed to copy it to the other login. Thank you for the quick, authoritative answer.

    • AJCxZ0
      Silver Expert

      How do we determine if a password was recognised as being generated by the 1Password client, distinct from passwords generated by the 1Password client but copied and pasted (e.g. due to broken signup or password change processes) or passwords created elsewhere?

      • 1P_SimonH
        Community Manager

        Hey AJCxZ0,

        Correction: There is a way to see where the password originated by looking at the JSON data.

        The JSON will contain all of the data in a 1Password item, including your password. DO NOT send the item's JSON to us, post it in the 1Password Community, or save it in a file on your device, as that means the password (and all other data in the item) will no longer be protected by 1Password.

        1. Open and unlock the 1Password app.
        2. Go to 1Password's Settings (click on the 1Password menu in the top-left then click Settings).
        3. In the new window select Advanced.
        4. Enable "Show debugging tools."
        5. Go to the item you want to know about in the main 1Password window.
        6. Select the more items menu button (it is the three dot menu in top-right of the item view).
        7. Select "Copy item JSON."
        8. Paste that JSON somewhere secure (like in a Secure Note in 1Password) and review it.

        In the JSON data, the pgrng being set to true tells you the password was generated by us and the pbe value is the password score based off that generator.
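
Added example, not part of the original thread and not 1Password's own code: one way to review the copied item JSON without displaying or saving the password is to pipe it into a script that prints only the pgrng and pbe values named above. The layout of the JSON is not shown in the thread, so the script assumes nothing about it and searches every nesting level; the sample item and its values are constructed.

```python
import json
import sys

FIELDS = ("pgrng", "pbe")  # the two key names given in the post above


def find_fields(node, path="$"):
    """Yield (path, key, value) for FIELDS anywhere in decoded JSON."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key in FIELDS and not isinstance(value, (dict, list)):
                yield child, key, value
            else:
                yield from find_fields(value, child)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from find_fields(value, f"{path}[{i}]")


def summarize(raw):
    """Return only the generator metadata; all other values are dropped."""
    try:
        item = json.loads(raw)
    except json.JSONDecodeError:
        # Never echo the input or the parser context: it may hold the password.
        raise ValueError("input is not valid JSON") from None
    return [{"path": p, "field": k, "value": v}
            for p, k, v in find_fields(item)]


# Constructed sample. The nesting is an assumption; only the key names
# pgrng and pbe come from the thread. The password is a dummy value.
SAMPLE = """{"title": "Wikimedia", "details": {"fields": [
  {"name": "password", "value": "dummy-not-a-real-secret",
   "meta": {"pgrng": true, "pbe": 85.5}}]}}"""

if __name__ == "__main__":
    # Piped input (for example from the clipboard) stays off disk.
    raw = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for hit in summarize(raw):
        print(f'{hit["path"]}: {hit["field"]} = {hit["value"]}')
```

On macOS, `pbpaste | python3 show_generator_flags.py` feeds the copied JSON straight from the clipboard; the script name is a placeholder.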