Generator: Please up the Password character limit to 256

Thank you for your post!

Feature name

  • Higher Character limit for password generator

Feature function

Allow higher limit of characters in the generator

1 Like

Do you actually have websites you visit that would allow for a 256 character password? Never heard of such a thing.

The security of a password longer than about 14 characters, so long as the password is randomly generated, is beyond strong

It would take trillions of years for a trillion computers to break a 128 chr password
(and when I say trillions of years, I mean close to 10^150 years)

Why have more

To flex on random strangers on the internet, duh!

What @el613 said.

A random generated password with 20 characters is literally unbreakable and nearly all websites will allow a password with this length. You can do 30 if you want…

If anyone is wondering the math…

A password that has a 95 character set (upper, lower, numbers, special) and is 20 characters long has 131 bits of entropy. We consider 128 bits more than secure enough.

With the same 95 character set at 39 characters long would give us 256 bits of entropy. This is important because the encryption key protecting your data on Bitwarden servers is 256 bits. So making a password longer than 40 characters is pointless as the thing protecting it is weaker.

If you manage to get all the power of the Bitcoin network (150 Quintillion h/s) to somehow crack passwords it would take 9,303 years to crack a 16 character long password with a 95 character set. Make the password 20 characters long and it would take 757,738,157,701 years to crack.

Not only is there no real need to make passwords overly long but there are diminishing returns after 39 characters. The funny thing is the people who make overly long passwords only end up keeping themselves out if they ever have to enter the password manually.

4 Likes
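The arithmetic in the post above, as an added example that is not part of the original thread. It assumes the 95-symbol set is printable ASCII including the space, a 365-day year, and a search of the entire keyspace, so the crack times come out close to, not exactly on, the figures quoted.

```python
import math
import secrets
import string

# Assumption: the post's 95-symbol set is printable ASCII including the space.
CHARSET_95 = string.ascii_letters + string.digits + string.punctuation + " "
KEY_BITS = 256                       # vault key size quoted in the post
GUESSES_PER_SEC = 150 * 10**18       # "150 quintillion h/s" from the post
SECONDS_PER_YEAR = 365 * 24 * 3600   # assumption: 365-day year


def entropy_bits(length, charset_size=95):
    """Entropy of a uniformly random password: length * log2(charset size)."""
    return length * math.log2(charset_size)


def effective_bits(length, charset_size=95, key_bits=KEY_BITS):
    """What an attacker faces: never more than the key protecting the vault."""
    return min(entropy_bits(length, charset_size), key_bits)


def min_length_for(bits, charset_size=95):
    """Shortest random password that reaches the requested entropy."""
    return math.ceil(bits / math.log2(charset_size))


def years_to_exhaust(length, charset_size=95, rate=GUESSES_PER_SEC):
    """Whole years to try every candidate; integer math avoids float overflow."""
    return charset_size ** length // (rate * SECONDS_PER_YEAR)


def generate(length, charset=CHARSET_95):
    """Uniform CSPRNG sampling; the entropy formula holds only for this."""
    return "".join(secrets.choice(charset) for _ in range(length))


def report(lengths=(16, 20, 39, 128, 256)):
    """(length, raw bits, effective bits) rows showing the 256-bit plateau."""
    return [(n, round(entropy_bits(n), 1), round(effective_bits(n), 1))
            for n in lengths]


if __name__ == "__main__":
    for n, raw, eff in report():
        print(f"{n:>3} chars: {raw:7.1f} bits raw, {eff:5.1f} effective")
    print("16 chars:", f"{years_to_exhaust(16):,}", "years at the quoted rate")
    print("sample:", generate(20))
```

Raw entropy keeps growing with length, but the effective column stops at 256 bits from 39 characters onward, which is the plateau the post describes.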

The time taken to bruteforce a 20 char password is the least of your worries. If you had access to an ideal perfect computer, just toggling a single “transistor” between 0 and 1 that many times would destroy all life on earth. Once you start including that we don’t have access to these perfect computers, that we actually have to do calculations, not just flipping a bit, that we have to move around data, that we have to compare data, the earth would be turned into a molten ball of magma or worse.

A password longer than 39 chars being greater than 256 bits means it’s stronger than the underlying hash and encryption. Ignoring that it’s still physically impossible, an attacker would sooner find a password that so happens to work even though it’s not the same.

Understand all your replies, but I do have 4 website and 3 Tools that accept 256 characters.
No matter the math or reason, it is supported by other programs/webtools. That is why I request it.

1 Like

Do you really understand? Because I’m not so sure you do.

However, I’m pretty sure you can make a Bitwarden account with a 1000 character password. And you want only 256…pathetic (sarcasm)

Please re-read my reply, before you make an uneducated guess.
I am requesting a regular request, I understand the above replies.
Bitwarden does give us an option to use 128 characters, even if 39 characters is already exceeding the 256-bit encryption that protects it, are you calling them stupid as well??

I request it because IF I choose to use 200 characters in my web application I’d like to have an option to generate it in Bitwarden. Even for future proofing if/when we will increase encryption levels.

If you do not have anything to say that will be noted as normal criticism, then please do not reply or go on reddit.

1 Like

There is no reason for that, even IF a website allowed that many characters.

Because if you use a length of 30 with all options enabled, you already have 70^30, which according to google is 2.25393402907e+55. That’s a pretty large number to say the least. It’s cryptographically unbreakable.

As a workaround, you can just create multiple 128-character passwords and copy them into the password field. On Mac the shortcut for the password generator is CMD+G.

LUKS now supports 500-character passwords. I agree that you probably won’t gain much after 40 characters or so, but why not allow it if it’s virtually free.

However, expect to run into problems with certain applications and sites. Too many devs don’t expect that anyone would enter a password longer than 30 characters, and I’ve seen really weird stuff happen (e.g., the app truncating your password without telling you where … that is fun).

We’re actually expanding the password field to 5000 characters to match custom fields :+1:

5 Likes

Would it be possible to reduce the password field at the same time? It’s a rather banal request, but I’d like to see the ability to generate 4 digit PINs (my feature request here) rather than developing a 5 digit PIN and dropping the last character.

A small and insignificant change in the grand scheme of things, but it’d be nice to see!

3 Likes