Either I care about this account or I don’t. If you badger me to make an account, I will use a throwaway email and “1234” cause you made me do it, now it’s your problem. If I do, I will use a different email, a generated password, usually 16, caps, lower, numbers, signs and no ambiguous chars, generated by Bitwarden, almost always backed by TOTP.
“Strength” is irrelevant for me. I don’t come up with passwords, what’s the point. Bitwarden has 650 passwords for me, plus a couple other hundred in various browsers. I am never going to remember those.
I don’t come up with passwords. I either give you one of the 3 reused demo passwords and “Jim” as a name or you get a generated one.
I agree with the above take that complexity indicators are only good for grannies. Unless you boast a dictionary on all languages, the complexity indicator does little to protect against a dictionary attack. My name won’t be in the dictionary, which is VERY weak. Same for birthdays, reused numbers, reused passwords, etc.
All it does it a vague indicator of strength that is useful for beginners, which is not the target demographic of Bitwarden. If I went through research, looked up what a password manager is, looked up the safety records of others and decided to go with an open source password manager, I probably know how passwords work already.
Whenever I have shilled this to anyone, I have explained that the best way to do this is to press “+”, make a user/pass in Bitwarden and fill it, rather than save a password you make.
Who is this for?
If there’s a setting for it, I’d set it to off.