Filter special characters in generated passwords per login

I agree with @bofh00, some sites do have arbitrary “special character” requirements that force users to use at least one symbol out of a specified set that doesn’t match Bitwarden’s. For these I have to generate a password, copy to a text editor, make arbitrary replacements, then paste the modified string. I can also go to https://passwordsgenerator.net/plus/ which gives me the option to edit the list of additional characters.

It would be nice to be able to do this within Bitwarden’s generator. I like @hoyolo’s mockup above; minimalist but effective.

2 Likes

I ran into a lot of annoyance with 1Password because they had a glib stance on their generator. It would have commas and a bunch of random characters, special characters at the front of a password, etc. which many sites - albeit arbitrary - didn’t like.

I’m for practicality of not getting ‘we don’t accept passwords that look like computer code’ rather than taking a stance that a password field should accept any character I throw at it. After all, if you change a password from OIlk*(j343 to OIlk,(j343 the hash would be entirely different. Brute forcing is just a series of guesses until one cracks the puzzle and its complexity is just based on assumptions and looking for the lowest hanging fruit. The person with a password of monkey123 is screwed compared to you.

Back to 1Password, the problem with theirs was that it would immediately pop up to update your password. If the site didn’t like the password it generated I couldn’t exit out and fill my current password back in because it had been updated. Consequently I had to do a lot of opening Notepad and pasting new passwords, then going into my vault and updating it with the password the site would take.

We should not have to each time select what type and length of password to generate. A password manager should generate a random number internally, and at least on the desktop display it N different ways all at once. Give us a copy icon for each one so we can click on any of the icons and copy that one.

I personally would like to see:

  • Lengths 16, 24, 32
  • Character set [a-z0-9_] (last one is underscore) of each length above. Also preferably always avoid characters resembling 0 and 1.

That’s a total of 6 passwords, and you can copy any of them by clicking on the associated copy icon.

Then give us some options to vary the above, so we get the type we prefer. Always 6 passwords, always able to copy any one of them with one click.

This might need modification on a mobile device – maybe only 4 at a time.

Looking for Password Generator?


There are many tools, but these tools are simple and better than all

I think an easy solution would be that the Password in the Generator is editable. So you can manually add or remove characters.

1 Like

Bumping this - it is still relevant. The password generator in Bitwarden could do with some love, as it is surely the second most commonly used UI after searching for a password.

I think an additional avenue in dealing with this issue is to collectively educate website developers to allow more special characters in passwords.

When coding, it’s trivially easy to escape special characters when needed. Plus, allowing a full spectrum of special characters provides more password entropy, which is an essential component for good security.

Encouraging the millions of web developers to adopt a new practice seems like a Sisyphean task for a small password manager company to take on. Beyond a blog post or two, how to go about it?

The edit generated password suggestion above is excellent IMHO.

1 Like

It’s not just web developers either.

Some organisations are way out of date on these matters, banks being the obvious example but government at many levels is not far behind.

Ok - to expand on the editable password in the generator. Of course it is already possible to edit a password after it has been saved. But if you already know the limitations, it would save several steps to allow changing disallowed special characters to allowed ones before saving. This also avoids the risk of saving a password different to the one actually set up in an account.

If saving also copied the new password to the clipboard this would be even better.

This approach is surely a lot simpler to implement than having an editable list of allowed special characters, that is likely to be wrong for almost as many sites as the current implementation.

For the sites that only tell you the allowed characters after you have submitted a password, this doesn’t help, but that is not Bitwarden’s fault.

The whole point is that I can’t see a single reason why the user would not be given full control over what characters can / cannot be used while generating passwords. This is a tool that should follow my (user’s) rules, and accommodate my needs as the user who generates passwords on a daily basis. Why would the tool force me into using a particular set of special characters - why? Am I treated like a kid who cannot decide which characters are needed for the passwords?

That’s very simple - just let me control the characters I need in my generated passwords.

Instead, if the tool wants me to EDIT the password it generates, why would I want to use the tool in the first place? I would not.

The basic idea behind not giving me enough freedom in configuring the characters is wrong. If you want to cater for users who have no clue how to generate strong passwords, then give them such an option with good defaults. But for adults just give full control. I don’t know how this can be not obvious.

It is a reasonable suggestion, and I am sure it will get addressed in the future sometime. Until then, your request has been heard loud and clear, but there are bigger fish to fry first.

When generating a new password in the Password Generator, I’d like to list the special characters that are allowed to use.

In my particular case, I’d only allow for an underscore _ - this way I can always select whole passwords with a double-click while still allowing for special characters.

Right now, I tend to turn the special characters OFF - just because I can never select the whole password with a double click.

Hope it makes sense for more than just me! – Thanks.

I’d very much welcome this, for different reasons: some sites are very arbitrary in which special characters they allow. And for the rare case where there are no restrictions on the character set, I’d like to include some nonstandard symbols like ø and ß, just to spice things up …

4 Likes

I very much welcome the suggestion and second that.

Due to varying requirements on different platforms for allowable special characters in the password, this feature would enhance Bitwarden’s effectiveness and applicability.

+1 for this feature. I used to use KeePass which has password generation profiles and explicit selection of which characters to use.

+1 RoboForm has this feature and I’m currently evaluating Bitwarden. So far this is the only thing Bitwarden is missing that I use often. This seems like a small item to implement with a high return in value to the user. Please add the ability to edit the special characters list for password generation.

I’d like this too. My bank has a short list of special characters that they allow, as do many other sites. It would be great if they all fixed their systems, but that’s not the world we live in. Being able to specify special characters allowed in the generator would be a really helpful feature.

I have run into this issue as well, on rare occasion. An easy workaround is to disable the special characters in the password generator, save the newly generated password, then manually edit the password to insert a couple of random, valid special characters.

That’s reasonable on a computer where multitasking is straightforward, but a total drag on a mobile device.

In the higher voted thread on this, there was a great suggestion to allow editing of the generated password in Bitwarden.
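
The per-site special-character list requested throughout this thread, sketched as an added example (not Bitwarden's code and not written by any poster): a generator that takes the allowed specials as a parameter, guarantees one character from each class without biasing the result, and reports the entropy cost of a smaller set. All function names and the `LOOKALIKES` set are assumptions of this example; `six_candidates` follows one reading of the "6 passwords" post (two per length).

```python
import math
import secrets
import string

LOOKALIKES = set("0O1lI")  # assumed set of characters resembling 0 and 1

def build_classes(specials, use_upper=True, avoid_lookalikes=True):
    """Character classes the password must draw from, after filtering."""
    classes = [string.ascii_lowercase, string.digits]
    if use_upper:
        classes.append(string.ascii_uppercase)
    classes.append(specials)
    if avoid_lookalikes:
        classes = ["".join(c for c in cls if c not in LOOKALIKES) for cls in classes]
    return [cls for cls in classes if cls]

def alphabet_of(classes):
    """De-duplicated alphabet, so an overlapping special cannot be favoured."""
    return "".join(sorted(set("".join(classes))))

def generate(length, specials="_", use_upper=True, avoid_lookalikes=True):
    """Uniformly random password with at least one character from every class."""
    classes = build_classes(specials, use_upper, avoid_lookalikes)
    if length < len(classes):
        raise ValueError("length too short to include every class")
    alphabet = alphabet_of(classes)
    # Rejection sampling keeps every compliant password equally likely,
    # which hand-editing a generated string does not.
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate

def entropy_bits(length, specials="_", use_upper=True, avoid_lookalikes=True):
    """Upper bound in bits: length * log2(alphabet size)."""
    classes = build_classes(specials, use_upper, avoid_lookalikes)
    return length * math.log2(len(alphabet_of(classes)))

def six_candidates(specials="_"):
    """Two [a-z0-9_] passwords each of length 16, 24 and 32."""
    return [generate(n, specials, use_upper=False)
            for n in (16, 24, 32) for _ in range(2)]

if __name__ == "__main__":
    for pw in six_candidates():
        print(len(pw), pw)
    print(round(entropy_bits(16, "_"), 1), round(entropy_bits(16, "-_.!"), 1))
```

The entropy figure ignores the small reduction caused by the one-per-class requirement, so treat it as an upper bound when comparing a site's short allowed list against a longer one.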