I’ve noted that random password generation, in Bitwarden, doesn’t include some symbols.
( { } ( ) / \ ’ " ` ~ , ; : . <>)+|£€?
Why have you excluded them? Why don’t you make random password generation “more random” by adding them? You could give the user the possibility to include or exclude these symbols, as you do with other symbols.
What do you mean by “random special symbols already apply”? During PBKDF? Because KDFs require an input password with an already high entropy to be effective. If you choose an easy password, you are not safe even if you use a KDF.
Nope. I meant that the currently available character set already does a “decent” job. But if you want to improve that by adding more complex symbols just to increase the strength and entropy, fine.
But I guess Kyle didn’t place those characters in specific for a lazy reason, not at all.
I’m not here to talk about whether passwords are stronger or not. I’d use http://xkpasswd.net as an example. If it could be based on that kind of generation, it would be fair for me.
Although the master password is not something I change frequently. Also because it requires some time and practicing to memorize and keep them in mind.
I find it much more convenient to use a simple character set, such as all lowercase alphabetic.
For more randomness, increase the length.
There are some benefits to not using special characters. Copy-and-paste becomes more reliable, because you will not accidentally leave a substring out due to a special character being interpreted as a word boundary. On rare occasions, when you need to enter a password manually on a small-screen device, you will be less likely to make a typographical error.
If you encounter a website that requires special characters, just include one or two manually.
If you let the user choose if the new symbols will be included or not, I can’t see the problem. For the length I agree with you but many websites limit the password length so you have to increase the entropy as you can.
Why not extend the possible character set with a user-defined “real special chars”?
In Denmark we use æÆ, øØ and åÅ as plain ordinary “special” chars, but imagine the security if the password generator could use special chars like ®, «, ╔, √ etc.
I’m aware that some sites probably would refuse “illegal” chars, but most do actually accept them…
By making it a user-defined field, you (Bitwarden) don’t limit any special wishes…
I think this answers my question then, but just to make sure. Is there no way I can set what characters are and are not used in the password? I was sure I was just missing where to configure it somewhere… Some of my sites do not allow any special characters (!@# etc.), some require it. Some require upper and lower case. Some require shorter lengths, some require longer. I’m used to KeePass where I can set every single aspect of the random generator.
Different websites have different password requirements and not all websites accept all special characters. In such cases, I had to manually copy the password and look for not accepted characters and remove them. Please add the capability to choose special characters while generating the password.
Configure Bitwarden to always give you a long password with only alphanumeric characters.
Then manually insert one or two of the required characters. Use underscore if possible, because it won’t prevent selecting the entire string with a double-click.
So if Wells Fargo passwords ignore case, and maybe so do other websites, you can prevent the randomness of your password being thus reduced by using all lowercase to begin with.
+1 for this. I often had a situation where certain special characters were not allowed. Then I currently have to disable special characters completely which makes the password more insecure or delete them manually.
And as described here, more special characters should be added as well: Improve random password generation
Please allow Password Manager users to specify specific special characters to be used in a Generator generated password. Currently only this set “!@#$%^&*” can be selected, which is ridiculous. Please give us the ability to create our own set of special characters. Other password managers allow this.
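
The trade-offs argued in this thread (alphabet size versus length, case folding, a user-chosen symbol set), as an added example that is not Bitwarden's generator code or any poster's. The function names, the 80-bit target and the sample symbol sets other than “!@#$%^&*” are assumptions for illustration.

```python
import math
import secrets
import string

def entropy_bits(alphabet_size, length):
    """Bits of entropy of a uniformly random password over the alphabet."""
    return length * math.log2(alphabet_size)

def length_for_bits(alphabet_size, target_bits):
    """Shortest length whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))

def generate(length, symbols="", exclude="", lower=True, upper=True, digits=True):
    """Password over a user-defined set, with every enabled class present."""
    wanted = [(string.ascii_lowercase, lower), (string.ascii_uppercase, upper),
              (string.digits, digits), (symbols, True)]
    classes = []
    for chars, enabled in wanted:
        kept = "".join(c for c in dict.fromkeys(chars) if c not in exclude)
        if enabled and kept:
            classes.append(kept)
    if not classes or length < len(classes):
        raise ValueError("length too short or empty character set")
    alphabet = "".join(dict.fromkeys("".join(classes)))
    # Rejection sampling: redraw until each class appears, so every
    # acceptable password is equally likely (no fixed-position bias).
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in classes):
            return pw

if __name__ == "__main__":
    bitwarden_symbols = "!@#$%^&*"          # the set quoted in the thread
    full = 26 + 26 + 10 + len(bitwarden_symbols)
    print(f"20 lowercase letters : {entropy_bits(26, 20):.1f} bits")
    print(f"14 chars, full set   : {entropy_bits(full, 14):.1f} bits")
    print(f"16 alnum, case kept  : {entropy_bits(62, 16):.1f} bits")
    print(f"16 alnum, case folded: {entropy_bits(36, 16):.1f} bits")
    print("length for 80 bits   :", length_for_bits(26, 80), "lowercase vs",
          length_for_bits(full, 80), "full set")
    print(generate(16, symbols="_-", exclude="l1O0"))   # site-friendly set
    print(generate(16, symbols="æøå®«"))                # user-defined set
```

Requiring one character from each class removes a small fraction of candidates, so the real entropy is slightly below what `entropy_bits` reports for the full alphabet.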