In fact, I have two - they’re both entries for TeamViewer:
[broken link]
How is this possible? Shouldn’t passwords be limited to 128 characters?
Isn’t the 128 character limit from the password generator?
I assume a password length is only governed by the encrypted value limit of 5,000 characters that we see in the notes field.
I don’t think you’re adding much to the security by having such a long password. However, I really would appreciate a larger notes field.
@JaredRichardWilliam Welcome to the forum!
The 128-character limit is for the built-in password generator, but there is nothing to stop you from storing passwords that are longer. I believe that the limit is 5000 characters after encryption, and as encryption generally expands the size of a text string by around 35%, your vault entries should be able to store passwords that are up to 3700 characters long, give or take.
Did you import these passwords? Most likely they were generated outside of Bitwarden, and then imported (or simply copied and pasted into Bitwarden). Besides the password length, this password contains special characters that are not used by Bitwarden’s password generator.
WARNING: You have just published a password and the corresponding website in a public forum. Your forum username also appears to potentially contain personally identifying information. As a result, your TeamViewer account may be at high risk for compromise, unless you CHANGE YOUR PASSWORD IMMEDIATELY!
You may already be fully aware of the risks, and have already changed your password (and perhaps your forum username is an elaborate pseudonym, not your real name), but I am compelled to provide the above warning in case you were not aware of the repercussions of posting a password screenshot.
Hi @grb thanks for the callout - @JaredRichardWilliam I have obscured all but the numbers at the bottom of your first image. It looks like the second image never uploaded properly.
I’m @JaredRichardWilliam’s brother, and the actual author of the post from his account. Jared never checks his e-mails.
The reason that I asked this was because per https://www.reddit.com/r/Bitwarden/comments/1937454/comment/kh7s9h3/?utm_source=share&utm_medium=web2x&context=3, when I switched from LastPass to Bitwarden, the only way I was able to import my passwords was by removing all entries with >128-character passwords from the CSV before import. Perhaps I merely encountered a limitation of the importer rather than the vault itself.
@grb, I’m not stupid enough to post in-use credentials. These credentials were corrupt somehow, because none of his TW accounts have ever had a password of that length, and I randomized some letters anyway. Thanks though.
Apologies, @sj-bitwarden. I’ll upload it if I find it. I think it was even more stupidly long.
What’s its maximum, @DoctorB?
That’s not straightforward because the limits are post encryption and encryption tends to increase size by 30% to 50% but will depend on the content.
From memory the post encryption limits are 5,000 characters and 10,000 characters for custom fields and secure notes. I think there is a section in the help that details these limits.
That’s a relief, but we get all kinds on the online forums, so it was best not to assume.
The maximum length of notes is 10,000 characters after encryption, which corresponds to approximately 7500 characters before encryption.
I’m not sure that makes sense, @grb. (Do you mean bytes?) I’m not sure the character count can increase after encryption. Where did you get this from?
Maybe you’re confusing encryption with compression? Or not accounting for the effects of Base-64 encoding? Encryption definitely expands the size of the data.
See here:
You can test it for yourself using Bitwarden’s interactive cryptography tool: compare the length of the strings in the fields “Secret Value” (or “Decrypted”) and “Cipher String” at the bottom of the page.
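The size arithmetic discussed above, as an added example that is not part of any post in this thread. It assumes the stored value uses Bitwarden's type-2 cipher string layout (`2.<IV>|<ciphertext>|<MAC>`, each part Base64, AES-CBC with PKCS#7 padding and an HMAC-SHA256 tag) and that the 5,000 and 10,000 limits quoted in the thread count characters of that string.

```python
import math

IV_BYTES = 16      # AES-CBC initialisation vector
MAC_BYTES = 32     # HMAC-SHA256 tag
BLOCK_BYTES = 16   # AES block size


def b64_len(n_bytes: int) -> int:
    """Length of padded Base64 text for n_bytes of input."""
    return 4 * math.ceil(n_bytes / 3)


def cipher_string_len(plaintext_bytes: int) -> int:
    """Characters in the stored string for a plaintext of this UTF-8 size."""
    # PKCS#7 always pads, adding 1..16 bytes up to the next block boundary.
    padded = (plaintext_bytes // BLOCK_BYTES + 1) * BLOCK_BYTES
    # Assumed layout: "2." + b64(iv) + "|" + b64(ciphertext) + "|" + b64(mac)
    return (len("2.") + b64_len(IV_BYTES) + 1
            + b64_len(padded) + 1 + b64_len(MAC_BYTES))


def max_plaintext_bytes(limit: int) -> int:
    """Largest plaintext size whose cipher string fits in `limit` characters."""
    if cipher_string_len(0) > limit:
        raise ValueError("limit is smaller than the fixed overhead")
    n = 0
    while cipher_string_len(n + 1) <= limit:
        n += 1
    return n


def utf8_size(text: str) -> int:
    """Bytes that actually get encrypted; non-ASCII characters cost more."""
    return len(text.encode("utf-8"))


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    for sample in ["correct horse", "pässwörd", "x" * 128, "x" * 3695]:
        size = utf8_size(sample)
        stored = cipher_string_len(size)
        print(f"{size:5d} bytes -> {stored:5d} chars ({stored / size:.2f}x)")
    for limit in (5000, 10000):
        print(f"limit {limit}: up to {max_plaintext_bytes(limit)} plaintext bytes")
```

The ratio is large for short values because the IV, MAC and padding are fixed costs, and it settles near 1.35x for long ones.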
I see what you mean now. I didn’t understand how it could store more original password characters when encrypted (without an MITM XD). Interpreting it that way was silly of me.
I expect my misconception about the maximum size may have come from an experience that I and others have shared, per news.ycombinator.com/item?id=37646488:
Bitwarden’s UX hasn’t improved as far as I can tell; more importantly, it refused to import my secrets because I had a secure note that was too big for it. Not “refused to import that note”; refused to import anything—there’s no skip option. I had to do a bunch of manual nonsense, which still left me in an incomplete state because I both need that note and want it in my vault (splitting it into multiple notes is an option but also an ugly kludge).
This is what I recall needing to do when I imported my vault from LastPass - I expect I assumed that the maximum that the importer accepted is the maximum that Bitwarden itself accepts.
I’ve located the relevant request, if of interest: