Improving The Passphrase Randomness

Currently, when we create a passphrase in Bitwarden with capitals and numbers, we get this.

  • Breeder-Bonfire7-Uselessly
  • Illusive-Circular-Ramp5
  • Immovable3-Ammonium-Ravine

The random number is always predictably at the end of one of the words.

To make this more random, take the length of the generated passphrase and find a random number up to the length, then put the random there. This would create a passphrase that looks like this.

  • Breeder-Bo7nfire-Uselessly
  • Illusiv5e-Circular-Ramp
  • Immovable-Ammonium-Rav3ine

Not only is this less predictable, but it protects against dictionary attacks too. “Bo7nfire” is not a word in any dictionary, but it’s still easy to type and read.
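As an added example (this is not Bitwarden's code, and the word list below is a constructed stand-in for Bitwarden's real one), the following Python compares the current placement, which appends the digit to the end of one word, with the proposed placement at a random position inside any word, and measures the entropy each placement contributes:

```python
"""Added example (not Bitwarden code): current vs. proposed digit placement
in a generated passphrase, with the entropy contributed by the digit."""
import math
import secrets
from typing import Optional, Sequence

# Constructed sample word list; Bitwarden's real list is far larger.
SAMPLE_WORDS = ["breeder", "bonfire", "uselessly", "illusive", "circular",
                "ramp", "immovable", "ammonium", "ravine"]
DIGITS = "0123456789"
SEPARATOR = "-"


def _rng(rng: Optional[secrets.SystemRandom]) -> secrets.SystemRandom:
    """Use a CSPRNG unless the caller supplies its own source."""
    return rng if rng is not None else secrets.SystemRandom()


def base_passphrase(n_words: int, words: Sequence[str] = SAMPLE_WORDS,
                    rng=None) -> list:
    """Pick n capitalised words; this part is the same under both schemes."""
    r = _rng(rng)
    return [r.choice(words).capitalize() for _ in range(n_words)]


def append_digit(words: Sequence[str], rng=None) -> str:
    """Current behaviour described in the post: the digit lands at the end of one word."""
    r = _rng(rng)
    w = list(words)
    i = r.randrange(len(w))
    w[i] = w[i] + r.choice(DIGITS)
    return SEPARATOR.join(w)


def insert_digit(words: Sequence[str], rng=None) -> str:
    """Proposed behaviour: the digit lands at any position inside any word."""
    r = _rng(rng)
    w = list(words)
    # Slots are counted per word (len+1 each), so the digit never replaces a separator.
    slots = [(i, p) for i, word in enumerate(w) for p in range(len(word) + 1)]
    i, p = slots[r.randrange(len(slots))]
    w[i] = w[i][:p] + r.choice(DIGITS) + w[i][p:]
    return SEPARATOR.join(w)


def digit_entropy_bits(words: Sequence[str], scheme: str) -> float:
    """Entropy added by the digit alone: log2 of the equally likely outcomes."""
    if scheme == "append":
        outcomes = len(words) * len(DIGITS)
    elif scheme == "insert":
        outcomes = sum(len(w) + 1 for w in words) * len(DIGITS)
    else:
        raise ValueError(f"unknown scheme: {scheme}")
    return math.log2(outcomes)


if __name__ == "__main__":
    phrase = base_passphrase(3)
    print("append:", append_digit(phrase))
    print("insert:", insert_digit(phrase))
    for scheme in ("append", "insert"):
        print(f"{scheme}: {digit_entropy_bits(phrase, scheme):.2f} bits from the digit")
```

For the three words in the post's first example, the digit contributes log2(30) ≈ 4.9 bits when appended and log2(260) ≈ 8.0 bits when inserted anywhere, so the change is worth roughly 3 bits; most of the passphrase's strength still comes from the size of the word list and the number of words, which this example leaves untouched.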

While it would be nice if it did this, it is easy enough to alter the capitalisation, add one or more numbers in the middle of words, and so on. In other words, use the Bitwarden-generated phrase as a suggestion to be improved upon.


Very true, but the average user is not aware of this so it’s better to default to protecting them.

Furthermore, it would also be helpful to do some basic character substitution in the passphrase, o->0, e->3, etc., which would make the word easy to type in without the need to copy it to the clipboard.

Would be good if the following settings could be enabled for the passphrase:

  • Replace alphabetic character w/ number
  • Replace alphabetic character w/ special character (i.e., @&*())
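As an added example of the two substitution settings proposed in the last two posts (not Bitwarden's code; the substitution tables below are constructed and the passphrase is the one from the opening post), the following Python applies a table either to every matching letter or to one randomly chosen letter, and reports how much entropy each mode adds:

```python
"""Added example (not Bitwarden code): number and special-character
substitution in a passphrase, with the entropy each mode contributes."""
import math
import secrets
from typing import Dict, Optional

# Constructed tables for the two proposed settings; the keys are matched
# case-insensitively so "O" is treated like "o".
NUMBER_SUBS: Dict[str, str] = {"o": "0", "e": "3", "i": "1", "a": "4", "s": "5"}
SPECIAL_SUBS: Dict[str, str] = {"a": "@", "s": "$", "i": "!", "o": "*"}


def candidate_positions(phrase: str, table: Dict[str, str]) -> list:
    """Indices of letters that the table could replace."""
    return [i for i, c in enumerate(phrase) if c.lower() in table]


def substitute_all(phrase: str, table: Dict[str, str]) -> str:
    """Deterministic mode: replace every letter the table covers."""
    return "".join(table.get(c.lower(), c) for c in phrase)


def substitute_one(phrase: str, table: Dict[str, str],
                   rng: Optional[secrets.SystemRandom] = None) -> str:
    """Random mode: replace exactly one eligible letter, chosen with a CSPRNG."""
    r = rng if rng is not None else secrets.SystemRandom()
    positions = candidate_positions(phrase, table)
    if not positions:
        return phrase  # nothing eligible to replace; phrase is unchanged
    i = positions[r.randrange(len(positions))]
    return phrase[:i] + table[phrase[i].lower()] + phrase[i + 1:]


def substitution_entropy_bits(phrase: str, table: Dict[str, str], mode: str) -> float:
    """Entropy added by the substitution step alone.

    A fixed rule applied to every letter has one possible outcome, so it
    adds 0 bits; choosing one of n eligible positions at random adds log2(n).
    """
    if mode == "all":
        return 0.0
    if mode == "one":
        n = len(candidate_positions(phrase, table))
        return math.log2(n) if n > 1 else 0.0
    raise ValueError(f"unknown mode: {mode}")


if __name__ == "__main__":
    phrase = "Breeder-Bonfire-Uselessly"
    print(substitute_all(phrase, NUMBER_SUBS))
    print(substitute_one(phrase, SPECIAL_SUBS))
    for mode in ("all", "one"):
        print(mode, f"{substitution_entropy_bits(phrase, NUMBER_SUBS, mode):.2f} bits")
```

The "all" mode produces the easy-to-type result the posts ask for, but because the mapping is fixed, anyone guessing passphrases can apply the same mapping to every dictionary word, so it adds nothing against a guessing attack; the "one" mode is what actually adds unpredictability, and only log2 of the number of eligible letters at that (about 3.5 bits for the example phrase with the number table).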