@Nail1684 Thanks for the tip!
A welcome improvement over the newly enforced hard limits, although we pay for it with more visual clutter (longer hint text).
Some of the original concerns still stand, though — IMO, it is not a good look for Bitwarden that some of the length limits and “recommended” values seem to be drawn out of a hat:
- By default, the password generator can generate passwords with entropy as low as 15 bits, but the passphrase generator can only generate passphrases with 39 bits or more.
- The “recommended” entropy for passwords is now in the range 42–86 bits (depending on character sets enabled), while the “recommended” entropy for passphrases is 78 bits.
- The upper limit is still 785 bits for passwords, but 266 bits for passphrases.

Interestingly, the PR provides for a “policy” to override the hard lower bound for password/passphrase length, but it is unclear to me whether this is an Enterprise Policy, or whether the use of the term “policy” here refers to user-settable options. Based on examining some of the code, I’m hopeful that it is the latter.