We really need this option, this is an ever increasing frustration that could very soon make the “Special Characters” checkbox within the app obsolete leading to people choosing less secure passwords and defeating the whole purpose of having the password generator to begin with.
With so many more websites, organizations and applications adopting password complexity as a requirement and with there being NO STANDARDIZED MODEL for such an ambiguous topic such as which special characters to allow or disallow this is in desperate need of an implementation change.
I propose 3 changes specifically:
A simple editable text box hidden behind an expansion arrow below the “Special Characters” tickbox that will pre-populate with the default special character set in comma deliminated format that will accept only special characters (excluding specialized ASCII characters that would require alt+xxxx functions under windows) along with a button or tickbox that allows you to automatically apply the persistence to the proposed “Domain Rules” Functionality (See Below).
A function for Domain based persistence of a selected special character set and the associated added functionality to the Password manager>Preferences>domain rules.
Here you can edit the special character set based on domain added as a new pane under the dropdown section when choosing to edit an individual domains preference that will simply show a pane with the same editable textbox from the password generators expansion arrow.
Add a section under Admin Console>Settings>Policies>Password Generator.
Add Functions:
A Tickbox allowing the admin to completely disable functionality for changing the special character set in the password generator.
And a editable text field called “Managed Domains” that allows an admin to disallow editing the special character set for certain domains the administrator chooses, also in comma deliminated format.
Currently, one can just enable special charaters, which include $ % and ^ as well. Those characters might cause issues on some (especially older) systems, so one has to remove/adapt them by hand, if not wanted.
How has this not been implemented in 6 years? More and more websites have a special set of special characters allowed. The default list in bitwarden has special characters frequently not allowed on sites. To fix this in the password generator allow the special characters to be edited on the left when clicked on
Most banks and other financial institutions does not allow certain special characters when changing password.
Here’s an example of a password policy: 8-32 alpha numeric + special characters; excluding any of the following characters:
~ ; < > " & { } ( ) space and the word script or userid
Please add a feature that will support selecting which special characters to exclude when generating password. This would prevent manually replacing special characters from generated passwords.
Hi, I am a newbie here, having used BW for only a couple of weeks. However, this issue is causing me some problems with a few websites so I must put my two cents worth in.
There are so many good ideas presented on this thread I am not sure my idea is even relevant. But I think the simpler solution would be to allow the user to define his own custom set of special characters, or, alternatively, accept a default set. As another alternative, then give him the option change it for a particular login set. I think it should be kept as simple as possible.
I wanted to add my 2¢ to this discussion. I would like to see some means of controlling which symbols are used in generating a random password using punctuation marks. This seems like such a common occurrence when I sign up for a site. The use of checkboxes would be helpful. Even better would be a way to copy the list from the site (there’s usually a list of accepted characters) and drop it into an input box. Then, have that list parsed and applied to the above-mentioned checkboxes. Furthermore, if a symbol is allowed on a site but is not in the list of symbols used by BW, simply ignore it. The symbol being allowed doesn’t mean it has to be used, just that it could be used. I would expect that this feature could best be handled as a popup window that a user could open to refine the symbols. Then there is the issue of storing this list on a login-by-login basis.
Do you know if it’s possible to add this feature to the roadmap? It does not seem like a very complicated one and can be implemented by changing a span element with special characters to input (and read from that field). Would look something like this (I didn’t allign it perfectly, but it’s good enough to show the concept):
When generating a password, an option to exclude specific characters would be nice.
In my case for example, the special character “^” is pretty hard to find on some non-English keyboard layouts, which is why I prefer don’t having them in my passwords.
I think a simple text box where users can type in all characters they don’t want, separated by commas or semicolons would be fine.
Clicking regenerate over and over again and checking if that one character is still in there is time consuming.
This was one of the first questions I got about Bitwarden from our staff: “Why are special characters all or nothing in the password generator?” A custom field that allows users to exclude characters of their choice would be a huge “quality-of-life” improvement.
Currently, the Bitwarden Password Generator has a simple toggle to include or exclude symbols. However, in practice, many websites only allow certain specific symbols (e.g., @, #, _) in passwords, while others completely restrict particular characters.
Because of this, it would be very useful if the Password Generator allowed custom symbol selection. This means users could decide exactly which symbols are permitted when generating passwords.
Proposed Feature:
Alongside the existing “Symbols” toggle, add a Customize Symbols option.
Users could either type the allowed symbols in an input field or select from a checklist of common symbols.
The Password Generator would then only use those chosen symbols when creating passwords.
Benefits:
Makes it easier to comply with website-specific password policies.
Users won’t need to manually edit generated passwords anymore.
Increases flexibility and user-friendliness of the Password Generator.
probably better woud be that these settings would be linked to a central profile maintained by the system administrator.
So a administrator would have the option to register a profile containing of a common name, the password profile including the customizable special characters and de links to the websites.
Users can than choose from these profiles.
In our organisation we’ve got applications wich have to be stored in Bitwarden by each individual user. Now we provide them with a sort of instruction on our intranet application; what the should fill.Especcialy the password policy and the proper website links.
Hope I’m not saying something redundant or missing part of the discussion — I just signed up to support this feature, since I’ve been wanting something like this for a while!
Since Bitwarden is open source (and I know the dev team is busy), I thought maybe I could try working on it myself, at least for the browser extension. Instead of excluding characters, I was thinking of two checkboxes: one for common symbols and one for extra/special ones.
If there’s any way I can contribute, I’d be happy to help!
I would guess, most people would like to have a field for a possibility to exclude any character (e.g. and exaggerated: maybe even the e I don’t like today) - like KeePassXC offers it:
