Allow for more than a minimum of 9 Minimum Numbers and Minimum Special when going to generate a password

Feature name

  • Enable for more than 9 Minimum Numbers and Special when generating a password.

Feature function

Currently using the Extension and Desktop app, I can only allow a minimum of 9 Numbers and 9 Special Characters when going to generate a password. On mobile, on iOS and Android, the minimum for those is 5. Not sure about web.
I for one, like complex and long passwords. So having a low limit of numbers and special characters, in my opinion, makes the password not as complex as I would like.
If I am on desktop or the browser and try to enter, say, 15 for minimum special, the number gets reset back to 9. On mobile, you can’t go past 5 even if you wanted to try.

Related topics + references

N/A

How long are you making your passwords?

Anything over 44 characters long is going over 256 bits of entropy which is more than the encryption key protecting your data. Shoot, 22 characters long is 128 bits and that is more than secure enough.

3 Likes

Depends on the account. If it’s a personal / valuable one, it’s a lot longer. If it’s a misc account, then it’s maybe 40-50 characters. Just depends on the account and how valuable it is to me.

Doesn’t increasing the number of numbers decrease possible values per character and therefore entropy?

2 Likes

I am not sure. That is out of the area of my knowledge. If that is the case, then the minimum number of numbers can stay the same and the minimum number of special characters can increase. I’m still fairly new to this kind of stuff so maybe the current setup is secure enough.

Security-wise, the fewer restrictions you use for a password, the higher the entropy and thus strength will be. So a forced minimum in general will decrease strength.

I myself only use the minimum when a site requires this.

For mobile and/or manual use I generally only use lower case, upper case and numbers and at least 16 characters. This is secure enough for me, I don’t work for a 3 letter government agency.
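Added example, not part of any post in this thread: a count of how many passwords remain once "minimum numbers" and "minimum special" are enforced, to put a figure on the entropy question raised above. The alphabet sizes (52 letters, 10 digits, 8 special characters) and a generator that picks uniformly from the allowed set are assumptions, so the result is an upper bound on the entropy of a real generator.

```python
from math import comb, log2

# Assumed class sizes (not stated in the thread): 52 letters, 10 digits,
# 8 special characters, i.e. a 70-symbol alphabet.
LETTERS, DIGITS, SPECIALS = 52, 10, 8


def count_passwords(length, min_digits=0, min_specials=0):
    """Count passwords of `length` with at least `min_digits` digits and
    at least `min_specials` special characters."""
    if min_digits + min_specials > length:
        raise ValueError("minimums exceed password length")
    total = 0
    for d in range(min_digits, length + 1):
        for s in range(min_specials, length - d + 1):
            rest = length - d - s  # positions left for letters
            # Pick the digit positions, then the special positions,
            # then fill every position from its own class.
            total += (comb(length, d) * comb(length - d, s)
                      * DIGITS ** d * SPECIALS ** s * LETTERS ** rest)
    return total


def entropy_bits(length, min_digits=0, min_specials=0):
    """log2 of the allowed set: the most entropy any generator can
    deliver under these minimums (reached only by a uniform pick)."""
    return log2(count_passwords(length, min_digits, min_specials))


if __name__ == "__main__":
    cases = [(22, 0, 0), (22, 1, 1), (22, 9, 9),
             (44, 0, 0), (44, 9, 9), (44, 15, 15)]
    for length, d, s in cases:
        bits = entropy_bits(length, d, s)
        lost = entropy_bits(length) - bits
        print(f"len={length:2d} min_digits={d:2d} min_specials={s:2d} "
              f"-> {bits:6.1f} bits ({lost:5.1f} lost to the minimums)")
```

Every minimum removes passwords from the allowed set, so the bit count can only stay the same or drop as the minimums rise; adding length is what increases it.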

As @dangostylver said, any password over 44 characters is meaningless and does not add any more security.

I use 20-character passwords because I like round numbers… @MetBril uses 16, which is also perfectly fine. Literally all supercomputers on earth at once won’t be able to crack a 16 char random password (by that, I mean it would take too many years). For 40 char - the universe will die a million times.

1 Like

I would rather say allow maximum number of special characters to 40. Then it would decrease paranoia of paranoiac people. Even though I’ve paid for premium membership of Bitwarden, so I hope that developers will hear us :wink: Regards, friends!