Choose the word list for passphrases

The user must be able to choose the word list used to generate passphrases.

Why?
A passphrase must be made of words that are easy to spell and remember. The current list uses words that are too long, hard to spell, and completely out of the usual vocabulary.

And that’s for native english speakers. I’m French, I live in Germany and work with Swedes. I guarantee that none of us are able to type correctly a passphrase with “quarel”, “mannlinness” or “konsult” in it (typos are intended), like the one I just generated.

Some examples for additional word lists.

https://ae7.st/g/

1 Like

The word list in the desktop app is embedded in the Electron bundle app.asar. We can see from the comment that the origin of the embedded list of the Electronic Frontier Foundation.

To support multiple lists the development team might need to extract the list from the app bundle to a dedicated .txt file in the app path. That would make the list extensible because it’d simply be a reference to a file path.

// CONCATENATED MODULE: ./jslib/src/misc/wordlist.ts
// EFF's Long Wordlist from https://www.eff.org/dice
const EEFLongWordList = [
    'abacus',
    ....
];
2 Likes

I personally prefer LastPass’s pronounceable passwords over this. But the problem about LP is that, besides inconvenient, it’s on the other hand of Bitwarden. But for now, XKPassword has been doing great for me so far.

I understand about the globalization problem. I’m not from US either. So far, I didn’t find people who did this into other languages. But I just use XKPassword and translate each word, so it gives me clues about what a passphrase can be.

It would be formidable to have this feature in Bitwarden, of course. But I guess this is minor priority for now. Let’s wait (a while) and see. ¯_(ツ)_/¯

Is there any chance this request will make it to the roadmap?

Currently, it does seem the amount of requests for this is pretty low, so the overall chances would be less for sure. Perhaps this is something we could translate via Crowdin to make it easier to implement.

1 Like

i really love the idea. RIght now i am using http://password.optionfactory.net/# to generate PW in my language, have to add Capital Letters or Numbers etc. manually. Best would be to have that option in Bitwarden included :slight_smile:

1 Like

Wow, thank you so much for this! I knew and even recommended XKPasswd, but I didn’t know they’ve done it with other languages. Awesome! :smiley:

I just hope that API is open so Bitwarden can make some use of that code. Thanks for letting me us know! :grin:

I could see it being really handy to be able to select bip-39.

Good call!
Besides passphrase source is English (not native for many users) only, the words are quite long and complex.
So even if your proficient in English, mistyping due to stress, lack of attention, or small screen/keyboard will happen quite often.
@tgreer: Maybe Bitwarden could (optionally) enable short / common English words in a quick first step? I think this would help and cost less effort.

I would like to be able to use custom word lists as well. I’m bilingual (working on trilingual) and it would be helpful to me to add word lists from my other languages to (possibly) enhance the security of the passphrase without making it harder for me to remember. I also find some words exceedingly annoying to type (I’m looking at you, “minimum”) and would like to be able to remove those from my word lists.

Having the passphrase generator in English only makes it unusable for me at the moment. All passphrase passwords I have to “generate” myself in my (Dutch) language so I (might be able to) remember them. Having the generator using the application language set in settings would be very helpful.

Well I would love to see this feature,
But I don’t think there is a passphrase dictionary in my mother tongue. I searched for it, couldn’t really find a language pack

I would like it to. I speak French and even if it wasn’t about my own language, it would improve security. English is the most commonly used language on Earth. So, it is more probably targeted language. The best answer would be to have the possibility of chisen a mix of language. For example, chosing 3 languages for at least the same amount of words.

I think language should be an option to choose from in the generator rather than defaulting to the language set in the Settings. Set as a multi choice one like jseb mentioned so the phrase can be in multiple languages which would be perfect

One of the hurdles with enabling it for more languages would be the words that contain diacritics which aren’t globally supported for passwords. There would need to be a checkbox to enable/disable them for when websites/apps don’t support them, and then have a way of filtering words based on the diacritics to be in the phrase based on the checkbox.

For example, the below Norsk is the bears-the bread which contains the diacritic ø
Bjørnene-brødet

1 Like

+1

Diceware word lists suitable for passphrases are readily available in many languages https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline

Hi everybody
I think it can be very useful to allow you to generate secret phrases in different languages ​​and not just in English. What do you think? It would be enough to enter the chosen language in the settings and add an extra vocabulary.

I would like to have the option to choose between more than one language dictionary and to mix the chosen ones into a single passphrase. For example : 1 Spanish word + 1 French word + 2 English word + 1 German word.

It would automatically add a lot of entropy to any passphrase. It’s probably something that can be done easily. The only problem I can see is that it may increase the app and add-ons size. Maybe it could be an option that only download the chosen dictionaries to mitigate this issue.

I think it would really help more senior generations who are not well versed in internet security and do not speak english

I think this is an important suggestion, which should not be difficult to implement. I would ask mods (@dwbit?) to consider merging the votes & comments from the following related Feature Requests:

This should bring the total vote count to at least 56. Hopefully that will be sufficient to garner more interest from the devs.