Toward Better Master Passwords

1Password is great for generating strong random passwords for sites without you ever having to memorize (or even see) those passwords. But there are a few passwords that we all do need to remember. I have a small number (I wish I could say just one) of high-security passwords that I need to remember. One, of course, is my 1Password master password.

Your 1Password master password is extremely important. Although we take steps to thwart automated password crackers you should still use a strong, memorable master password. Password cracking tools are becoming more powerful every year, and too much is at stake in your 1Password data. Given the strength of the encryption we use, your master password is likely to be the weakest link in your 1Password security. Don’t be too scared of that. Given how strong everything else is, it would be practically impossible to use and remember a master password that is actually stronger than 1Password’s encryption.

This is going to be a very long blog post, so I’d like to start out with a few points to keep in mind:

  1. We are not seeking perfection. Instead we need to find ways to improve master passwords if they aren’t currently very strong.
  2. Many of the schemes that people (including myself) have proposed in the past suffer from a major flaw.
  3. No matter what you read here, always keep in mind that a master password that you can’t type or remember is a terrible choice of master password.
  4. This discussion applies only to 1Password data on the desktops or stored in the cloud. Master passwords for 1Password on iOS do not need to be as strong as master passwords on the desktops. [Update: Since 1Password 4 for iOS was introduced in December 2012, the same Master Password is used on all of your devices.]

Change a weak master password, otherwise leave it be

Change master password window

We’ve all been told to change passwords on a regular basis, and there are still some circumstances under which that remains reasonable advice. But it is not a good idea with 1Password master passwords. Ideally you should pick a good master password at the outset and never change it.

Passwords in need of changing

Everybody knows to avoid short, common passwords or dictionary words (in any language). The world’s most common password, 123456, is, of course, terrible. But even things like Sally4th or like Molly&Patty2 (the names of my dogs) are not really strong enough for something as important as your 1Password data. The latter is just of the form NAME & NAME DIGITS which password guessing programs do get around to checking.

You can change your master password in 1Password by going to Preferences > Security and clicking on the “Change Master Password” button.

After you change your master password

It is extremely important that you learn your new master password, and you learn it through practice. Go to the Security preference pane again, turn “Auto-Lock” on and set it to a short time, maybe just 5 or 10 minutes. This will mean that you will have to type in your master password more frequently, but that will help you learn it. After a few days, you can then set the Auto-Lock time back to something less annoying.

Also – and this may sound like heresy even though it is sound security advice – when you change your master password, you can write it down on a slip of paper and put it in your wallet. Once you no longer need to refer to it, you can destroy the piece of paper.

A walk through of a password creation system

The challenge that we face is to have master passwords that are not going to be guessed by password cracking programs, yet that we mere mortals are capable of remembering and typing without it being a burden.

What makes this a particular challenge is the fact that the bad guys know at least as much about how people pick passwords as we do. They are not only reading the same password picking advice that gets posted in places like this, but they have studied millions of stolen passwords.

Here is an important principle that we need to keep in mind:

The strength of a password creation system is not how many letters, digits, and symbols you end up with, but how many ways you could get a different result using the same system.

Don’t worry if this principle doesn’t make sense yet. It should start to after I walk through an example.

I have two dogs: Molly and Patty. Suppose I wanted to make a master password from that and came up with Ihave2dogs:Molly&Patty. With that as an example, I’ll work through why that isn’t as good as it might first appear. (It looks good at first because it is long, has mixed case, and has punctuation.)

Use spaces to make things easier for you

1Password master passwords can include spaces. So you can make things easier to type and remember by using spaces (even though it adds little to the actual security). So our first improvement will be to change this to I have 2 dogs: Molly & Patty.

Don’t tell the truth

If your master password is to be based on something meaningful, remember that there are more ways to lie than to tell the truth. There are more ways for me to lie about my pets than tell the truth, and so I should use a lie. So let’s try, I have 3 bats: Larry, Moe & Curly.

Don’t make sense

There are more ways for a sentence to not make sense than to make sense. So let’s change my three bats to thirty-five bats, but still list three: I have 35 bats: Larry, Moe & Curly

Avoid predictable phrases

For those of us of a certain age and steeped in American culture, once we begin a list of names with “Larry…” following it with “Moe and Curly” is very predictable. So even though the Moe & Curly add 11 characters to the password, those 11 characters are so predictable that they add very little actual strength. Even though it is shorter, using I have 35 bats: Larry & Amy is actually stronger than I have 35 bats: Larry, Moe & Curly.

Along the same lines, the “e” after “I hav” isn’t doing much good either. Because it is easily guessable from the rest of the password it isn’t actually adding much strength. There is nothing wrong with that “e”, but I’m mentioning it to help illustrate the point that the number of ways things can be different is often more important than length itself.

Avoid secrets or things that are personally meaningful

The more personally meaningful something is to you the fewer alternatives there are. There are more things that don’t have personal meaning to you than do.

In particular, avoid personal secrets. Twice in my life when I’ve been asked to find weak passwords where I worked, I had the embarrassing task of telling my friends and colleagues to change passwords that also revealed their secret crushes. Also, there may be a time when you actually do need to reveal your master password to a loved one. When I spot passwords like IloveUVicky along with the owner’s email address among 26000 email addresses and passwords exposed from a pornography site, I certainly hope that this won’t cause too much trouble for the owner.

Obvious punctuation is obvious

Capitalizing the beginnings of words or changing “for” to “4” really doesn’t add much security. Remember, if you can think to do this, the people who write password cracking systems have already done the same. Unfortunately, adding punctuation in a truly random manner makes the password too hard to remember. Certainly add the obvious punctuation, but recognize that it doesn’t strengthen your password as much as it might appear.

What we’ve learned from this example

At every stage in working through this example, we made some real improvements. Remember that we are not trying to reach perfection here; we are looking instead to create better master passwords that remain usable. Do not create trouble for yourself by picking a master password that is too difficult to type or too hard to remember.

But we have also learned that human behavior really isn’t very random. The schemes we come up with can be coded into password cracking systems. A good master password is not just limited by what a human can remember, but it is also limited by what a human can create. We can get digits and punctuation into passwords easily enough, but our selection methods involve a lot of predictability. Human behavior is more predictable than we like to imagine. That predictability can be exploited in password guessing programs.

Roll the dice to avoid predictability
If people are so predictable, how can we create memorable passwords that aren’t predictable? It turns out that Arnold Reinhold published a solution to this back in 1995 to help people create strong and memorable pass phrases for PGP. It’s called Diceware.

Because words have meaning, we can remember a sequence of words even if it doesn’t create a meaningful statement. And because there are many more words than there are individual characters, selecting a random sequence of five or so words provides a hard to crack password.

Reinhold produced a list of 7776 short words or sequences (that is 6^5, for people who care about such things). A word can be selected from the list by rolling five dice (or rolling one die 5 times). Here is a small excerpt from the English Diceware Word List.

  35443  knew
  35444  knick
  35445  knife
  35446  knit
  35451  knob
  35452  knock

If you roll your dice and get the sequence 3 – 5 – 4 – 5 – 1, then your Diceword would be “knob”. Another five rolls of the dice will get your next word. If you rolled 3 – 2 – 6 – 5 – 6 then your next word would be “hike”.

The great thing about Diceware is that we know exactly how secure it is, even assuming that the attacker knows the system used. The security comes from the genuine randomness of rolling the dice. Using four or five words should be sufficient against the plausible attacks over the next few years, given the observed speed of password crackers. [Updated October 2, 2013]

For those who really want to use this system and get the most security out of it, you should combine Diceware with your own private system. Create a short random password, including digits and symbols, and use that in place of one of the dicewords in your final password. So going back to my dogs, Molly and Patty, I might create a weak password like 2dM&P, and suppose my rolls of the dice get me cleft cam synod lacy; I could then create a master password like cleft 2dM&P cam synod lacy, which would be a very good master password. With repetition, it is something that you can learn to type quickly.
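As an added illustration (not code from the original post), here is the lookup and the arithmetic behind the Diceware scheme described above, applying the principle that strength is the number of possible outcomes of the system: the six-line excerpt is used as a constructed mini word list, dice are replaced by Python’s `secrets` CSPRNG (physical dice, as the post recommends, are the assumption-free option), and the 300,000 guesses-per-second figure cited later on this page is used to estimate cracking time for four and five words.

```python
import math
import secrets

# Constructed mini word list: the six Diceware entries quoted in the post.
# The real English list has 6**5 = 7776 entries, one per five-die roll.
DICEWARE_EXCERPT = """\
35443  knew
35444  knick
35445  knife
35446  knit
35451  knob
35452  knock
"""

DICE_FACES = "123456"


def parse_wordlist(text):
    """Map each five-digit dice key (digits 1-6 only) to its word."""
    table = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, word = line.split()
        if len(key) != 5 or any(ch not in DICE_FACES for ch in key):
            raise ValueError(f"bad dice key: {key!r}")
        table[key] = word
    return table


def lookup(table, rolls):
    """Resolve rolls written like '3 - 5 - 4 - 5 - 1' or '35451' to a word."""
    key = "".join(ch for ch in rolls if ch.isdigit())
    return table[key]


def roll_key(randbelow=secrets.randbelow):
    """Roll five dice with a CSPRNG (secrets, never random); returns e.g. '35451'."""
    return "".join(str(randbelow(6) + 1) for _ in range(5))


def passphrase_bits(n_words, list_size=6 ** 5):
    """Entropy of n words drawn uniformly from the list. The attacker is assumed
    to know the system, so only the number of equally likely outcomes counts."""
    return n_words * math.log2(list_size)


def expected_crack_years(n_words, guesses_per_second):
    """Years needed to try half of the passphrase space at the given guess rate."""
    attempts = 2 ** passphrase_bits(n_words) / 2
    return attempts / guesses_per_second / (365.25 * 86400)


if __name__ == "__main__":
    table = parse_wordlist(DICEWARE_EXCERPT)
    print(lookup(table, "3 - 5 - 4 - 5 - 1"))  # knob
    for n in (4, 5):
        print(n, "words:", round(passphrase_bits(n), 1), "bits,",
              round(expected_crack_years(n, 300_000)), "years at 300k guesses/s")
```

Each Diceware word contributes about 12.9 bits regardless of its length, which is why a short random word adds more than the predictable “Moe & Curly”.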

In Conclusion

I would like to remind you of some crucial points I made near the top:

  • We are working toward better passwords, not perfect ones. You should take only as much advice from this as you are comfortable with and no more. Remembering and typing in your master password should not become a chore.
  • If you do change your master password, practice with it regularly so that you don’t forget it. Don’t be afraid to write it down on a piece of paper for a while if you keep it in a safe place.
  • The kinds of master passwords that you need depend on who may try to break it. Even though a typical criminal may have access to sophisticated cracking tools, it is unlikely that they will dedicate hours – much less days, weeks, years or decades – to your particular data.

Related (later) articles

  • This article was followed up by a geek edition which discussed an XKCD comic and some of the mathematical concepts behind this.
  • Once the password cracking tool John the Ripper was adapted for taking a shot at 1Password Master Passwords, we looked at how well 1Password holds up with these sorts of Master Passwords.
  • In April 2013, hashcat achieved remarkable speeds (300,000 guesses per second) against the 1Password 3 data format, suggesting that a password of 4 or 5 diceware words should be used with 1Password 3.
31 replies
  1. Adel Antado says:

    Life is a balance. I don’t think a password should be much stronger than needed. My aunt Lucy who gardens and emails friends about her roses doesn’t even need a password. Who would want to hack her account? Bernie Madoff however would probably need as complicated and as break-proof an eternity of computer driven password-generated codes.

    • Jeff says:

      You are absolutely correct, Adel. Everyone needs to look realistically at the threats they do and don’t face and make their own decisions about appropriate security behavior.

      But your Aunt Lucy is not just protecting the contents of her email with her email password, but she needs to be concerned about people impersonating her if they get into her email. I’m not sure if you are familiar with the “I’ve been mugged while travelling” scam. The attacker gets into the user’s email account and then sends out email to all of the contacts about being mugged in some location. Ultimately they are trying to get someone to send money by Western Union.

      Still, I don’t mean to quibble about the particular case. Your overall point is correct. Each individual is going to need to make a judgment for themselves.

      Still, one should err on the side of caution when making a judgment for your needs and circumstances. Also look toward the future. Today Aunt Lucy may just be forwarding email about roses, but tomorrow she may be doing some online banking.

  2. Thomas Snyder says:

    Jeff: On my iPhone I have 1password and it allows finger print log in to the 1password app. Would you say that in general a “finger print” sign in is safer than a really strong Master password? Is there a way a hacker can hack your finger print?

    • Jeffrey Goldberg says:

      Hi Thomas,

      Fingerprints can never be a replacement for passwords. And this is how it is with TouchID unlock with 1Password. TouchID can be safely used to save you time in some circumstances, but you still need to remember your Master Password.

      So please don’t think of the fingerprints as a replacement. This is also how things work with TouchID unlock for your iPhone. It does not replace your device passcode.

      The difference isn’t so much about relative strength, but it shows up in different security properties.

      1. Fingerprints are hard to change. Passwords are easy to change.
      2. Fingerprints are discoverable in ways that don’t require a compromise of the authentication system. Unique passwords are not discoverable that way.

      Consider the difference between a password and an (in)security question, such as your mother’s maiden name. Your mother’s maiden name is hard to change, and it is discoverable in ways that aren’t through a breach of the authentication system itself. These are very different security properties than passwords.

      But fingerprints are useful for local authentication. Because they can be captured in ways that passwords cannot, they are not as secure, but there are contexts in which they are secure enough for the job at hand. I think that Apple built in the right mix of fingerprint/passcode integration, and we have largely followed along with those principles.

  3. Curious says:

    This is a fascinating article. TouchID seems like a truly valuable enhancement to security in that it makes using 1password so easy that users are more likely to use 1password and thus create crazy strong passwords they’d otherwise not use. But it seems like the (really) weak link is you have a 4 or 6 digit number protecting your iPad from a bad person adding their fingerprint such that TouchID can now be used by the bad person to open your 1password! It seems to me there are two solutions:
    1) create a high entropy password to login to your iPad
    (The right thing to do I suppose)

    But what about
    2) limit iPad to 10 attempts before deleting contents and then feel free to use an otherwise weak password such as 4 or 6 numbers?

    Am I wrong or would option 2 be ok? As long as the 4 or 6 number password wasn’t really obvious, isn’t the bad person stuck since they only get 10 attempts before the iPad gets erased and there is no point in breaking in anymore since 1password (and access to all your sensitive accounts) is now gone? Am I missing something? Option 2 just seems so much easier than option 1 without taking an obvious hit to your security.

    • Jeffrey Goldberg says:

      Thanks for asking. There are a couple of reasons why we don’t do a “too many unlock attempts, we are removing your data” kind of thing. The first reason is that it makes it too easy for someone (perhaps a child playing with your iPad) to cause you major data loss.

      But the subtler reason is that that line of defense will do nothing to stop a sophisticated attacker. Your data is sitting on your device and is encrypted with keys derived from your Master Password. An attacker does not need to use the 1Password application itself to try Master Passwords. Instead the sophisticated attacker will make a copy of your encrypted data and will run their own password cracking software on it, perhaps making hundreds of thousands of guesses per second.

      Again, they are working against a copy of your encrypted data that they made. They are not interacting with the 1Password software itself. So such a lockout or data destruction mechanism built into the app is not going to bother such an attacker.

      The kind of system you describe does work for online authentication services, where the data exists only remotely and not on your device. It can also be used for unlocking a tamper-proof physical device itself. But it cannot be used against sophisticated attackers who have access to the encrypted data itself. And it is the serious attacker we wish to defend against.

    • Matt McClure says:

      Thanks for the detailed response but I think I may have been misunderstood. My question was not “why not use 10 failed attempts before deleting for 1password itself?” it was “why not use 10 failed attempts before deleting the whole iPad/iphone itself?” The reason I am asking is even if you have a rock solid 1password master password, this can be easily bypassed if one can get into the iPad/iphone settings section and put a new fingerprint in the TouchID. Thus the vulnerability (assuming good 1password master password) is TouchID, not 1password. It seems to me, though, that that vulnerability can be eliminated by implementing the 10 attempts then delete function because even a 4 or 6 digit numeric password is hard to break within 10 attempts. Is that right?

      As for your comment about the bad guys copying over 1password onto their computer and then attacking it with their own software, can they do that from the ipad/iphone without first entering the code to unlock the device? If yes, then I am wrong. If no, then they still need to figure out a 4 or 6 digit numeric code within 10 attempts, which is not likely (assuming a randomly generated numeric code).

      Thanks for your response.

    • Jeffrey Goldberg says:

      Thanks Matt, I had misunderstood your question.

      If your 1Password data only lives on that one single iPad, then yes, you can rely on the iOS device lockout. If you are using a 1Password Account and synching data across multiple iOS devices, you can also get by with using that mechanism on all of the iOS devices.

      But if your data can end up on a non-iOS device or is being synchronized using something like Dropbox, you will still need a good Master Password, as we still need to defend against attacks that obtain a copy of your data from those systems. (Our Two-Secret Key Derivation protects you against someone obtaining your data from our servers.)
