In certain cases pass-phrases are better to use than passwords. However, most websites implement a limit on the number of characters that can be used. With a pass-phrase this turns out to be a guess and check game since there is no character length visible.
It would be nice to have the character length in the bottom right corner as shown below.
2 Likes
I don’t disagree with the suggestion. If this does not get implemented, or while you wait for this to get implemented, you can always use the fact that the average word length in the word list is known to be 7.0 letters. Thus, with the separator character included, you can estimate the approximate character count as 8×N (where N is the number of words). For example, with N=7 words, 8×7 = 56 characters (which is pretty close to the actual value of 58).
1 Like
@grb Thanks, thats a cool trick. I rather not do the mental math though 
Please implement this simple request. I just spent several minutes getting a new pass-phrase in place for a bank site. A real pain without a visible character count. The site has a 32 character maximum. I prefer using a pass-phrase just in case I need to manually type it in somewhere. No way will my 73 yo brain/fingers be able to do that without it being a pass-phrase.
Do you not think you could type a relatively short, 8-character random password like rv3Q$P9j, if you had to?
Sure. I could manage that. My “no way will my …” comment above was partially in jest. I’ve been typing longer passwords for years, but ones I made up myself, usually strings of obscure phrases familiar to me thus easy to memorize, but rarely included in dictionaries, separated by this and thats. In your example I’d probably write it down, then type it in.
That said, in a world where websites sometime/often limit the length of passwords, I’d think a well designed password manager would display the length of the passwords/pass-codes that it generated, or at the very least allow the user to enter the max length before generation.
Also, I do realize that your comment above was, at least partially, a gentle poke-of-fun at a geezer. This geezer did get a nice giggle out of the joke.
I wasn’t really joking so much as trying to get to the bottom of your desire to use a passphrase for a bank account. Certainly, a 32-character random string (e.g., G#2F6Y@ysm8olk!a&^^K2Fw42gmdX8OK) would be a challenge for anybody to type correctly, but I would think that a much shorter version (e.g., Ezp2u#ub) should be quite manageable (especially if you break it up into character pairs: Ez p2 u# ub).
Very few websites will have a password length limit as low as 8 characters, so it seems that a random password string of 8 characters would meet your need to be able to manually type the password, while also being highly unlikely to exceed any password length limits.
To be clear, none of this is to say that the feature request to display the number of characters in a passphrase is unreasonable.
To help clarify @grb’s point, if randomly generated, the following are equivalently strong:
- 18 lowercase letters (a-z)
- 15 uppper/lower case letters plus digits. (a-z A-Z 0-9)
- 13 random characters (a-z A-Z 0-9 and “specials”)
- 7 diceware words (this is what Bitwarden’s passphrase generator creates and will be approx. 55 characters long)
So feel free to pick between any of them and feel equally secure. Here is a table of equivalences if you are looking for other strengths.
Thank you both. All this makes sense. I knew there would be different levels of strength for the various forms of generation and length, but had no idea about the particulars.
1 Like