I’ve recently started using Bitwarden and am liking it a lot. Especially the option for a passphrase generator.
Something I’d like to see in that section is an indicator that shows a rough level of entropy that the generated password would have. Something similar to what KeePassXC does (see attached screenshot).
Similar to how KeePass shows password strength for creating new/viewing existing passwords, it would be nice if Bitwarden showed a password strength meter (zxcvbn), like the one shown when creating a master password, underneath passwords in both the Password Generation page and under existing password fields within entries.
Since the Weak Password report is a premium feature, perhaps showing the meter under password fields in existing entries should be limited to premium users as well if necessary.
The reason I believe this would be useful is because I have seen people using password managers who still set their password length low and create insecure, short passwords because they have no indication what a good/bad password is, or still think as long as they have a few numbers and symbols it means their passwords are secure. A strength meter to give inexperienced and experienced users an idea how to make their passwords better at a glance would be helpful.
The problem with this kind of feature is that a password strength meter thinks that 123456abcABC! is a strong password, because it is long and contains lowercase and capital letters, numbers and even special characters. But I think we all agree that this isn’t in any case a strong password.
I am posting this as a new reply, because my last reply was 2 days ago.
I found some links that calculate a password crack time (to show how this can be implemented):
It is strange how the crack time differs at these services.
For the password Hello123 the following crack times are calculated:
1st service: 4 Months and 4 Weeks (here I skipped the rest)
2nd service: 21 Hours, 21 Minutes
So these services are just an indicator of how this could be written in Bitwarden.
Here are some suggestions for the output (note that there are only two values shown, so keep it short):
less than one second
1 minute, 13 seconds
14 days, 21 hours
53 years, 7 months
2.411191487389969e+32 years (a password generated by Bitwarden), maybe you write it shorter and more readable
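The entropy indicator and the two-value crack-time output discussed above, as an added example that is not part of the original posts and is not Bitwarden code. It applies only to generator output, where each symbol or word is drawn uniformly at random; the guess rate and the 7776-word list size are assumptions chosen for illustration.

```javascript
// Added example, not Bitwarden code. Valid only for generator output, where
// every symbol or word is drawn uniformly at random.
const GUESSES_PER_SECOND = 1e10; // assumption: offline attacker speed

// Entropy in bits of `count` symbols drawn uniformly from `poolSize` choices.
function generatedEntropyBits(poolSize, count) {
  if (!Number.isInteger(poolSize) || poolSize < 2 ||
      !Number.isInteger(count) || count < 1) {
    throw new RangeError("poolSize must be >= 2 and count >= 1");
  }
  return count * Math.log2(poolSize);
}

// Average time to hit the secret: half the keyspace at the assumed rate.
function averageCrackSeconds(bits, rate = GUESSES_PER_SECOND) {
  return Math.pow(2, bits - 1) / rate;
}

const UNITS = [
  ["year", 31557600], // 365.25 days
  ["month", 2629800], // one twelfth of a year
  ["day", 86400],
  ["hour", 3600],
  ["minute", 60],
  ["second", 1],
];

// At most two adjacent units; huge values collapse to a power of ten.
function formatCrackTime(seconds) {
  if (seconds < 1) return "less than one second";
  const years = seconds / UNITS[0][1];
  if (years >= 1e6) return `about 10^${Math.floor(Math.log10(years))} years`;
  let rest = Math.floor(seconds);
  const parts = [];
  for (const [name, size] of UNITS) {
    const n = Math.floor(rest / size);
    if (n === 0 && parts.length === 1) break; // keep the pair adjacent
    if (n > 0) {
      parts.push(`${n} ${name}${n === 1 ? "" : "s"}`);
      rest -= n * size;
      if (parts.length === 2) break;
    }
  }
  return parts.join(", ");
}

// Constructed settings: 4-word passphrase from an assumed 7776-word list.
const bits = generatedEntropyBits(7776, 4);
console.log(`${bits.toFixed(1)} bits, ${formatCrackTime(averageCrackSeconds(bits))}`);
```

Hand-chosen passwords do not satisfy the uniform-randomness assumption, so this calculation overstates their strength; a pattern-based estimator such as zxcvbn is the right tool for those.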
Any news on this matter? I’d also really like them to implement this password strength meter just like many other password managers do.
I’d like to see the password strength of my existing passwords (Logins) in my vault + I’d like Bitwarden to indicate the password strength when it generates a new password for you or when you make up your own password.
Those able to afford US$10 per year can get reports which show this.
However, what I did when I started using the free Bitwarden was to change email account and financial passwords first. Having done that I slowly worked through my accounts, over a few weeks, changing the passwords.
Now that I have paid US$10 the reports show that the current passwords are uniformly strong. My only, minor, niggle is that the reports show my old and now unused passwords.
I also have several password strength meters/generators bookmarked/installed (having checked what they do) to see what they have to say about Bitwarden generated passwords/phrases and I occasionally use their suggestions too.
Could Bitwarden, by default, show a password strength meter (based on zxcvbn) under EACH password and also say whether a password has been compromised or not, without having to click any additional buttons, e.g. like this?
Are you asking for it to be injected into the webpage? The implementation could be tricky given the variety of different login webpage formats. Bitwarden’s current webpage parsing/detection for other features (e.g. autofill) still has issues.
A slightly less visible (but probably less intrusive) option would be for Bitwarden to add an Overlay Feature and present the strength/compromise information there. Since it only injects a small clickable symbol into the webpage, it is less likely to break webpages (though I believe LastPass overlay occasionally does interfere).
You aren’t the first one to suggest that and I honestly can’t find the logic behind this request.
As you (probably) are using a password manager, why do you need to check if the password is strong enough? All your passwords are stored in your vault and the only thing you have to do is to make sure that all of them are secure. I can tell you right now that a randomly generated password with 15-16 characters is unbreakable.
@cho-m
I want it integrated into the extension, not the browser. Sorry for the lack of clarity.
@Nik1
I have Enpass and Enpass rated 16+ length characters that were supposedly randomly generated (I cannot remember if I set the settings to pronounceable though) as weak - they weren’t words though. Hence, given my passwords have not all been generated by Bitwarden, I want to know if the ones that haven’t are secure.
If it matches, then this feature request will probably get merged into that thread and you can vote on that one. Bitwarden uses votes to help plan features, so make sure to use your votes if you are interested in a feature.
It would be handy to have Bitwarden include an indicator of the quality of the password based on settings defined by the user.
KeePass has something like that as you see in this screenshot.