More Password Generator Enhancements (Comprehensive List)

More Password Generator Enhancements

This is quite a commonly suggested topic, so I went through all of them that I could find, aggregated them all, and then added a bunch of my own (stupid) suggestions. If any of the ideas are good, assume they came from someone else. If any of them are bad, just assume they’re my ideas.

Feature function

Here’s a list of a bunch of things that could be added to the generators which would be cool and/or funny (And at this point, you can go for funny without compromising security. If your password gets 200 bits of entropy from it, you can afford to do some stupid things like put emojis in it):

  • More characters. Right now there are 70 unique characters bitwarden has access to when generating passwords. We want to flex on people, so why not turn that up? Here are a few suggestions, in no particular order:
    • (, ), -, _, =, +, [, ], {, }, |, ;, :, , ", ,, ., <, >, /, ?, !, ~, `,
  • No repeated characters/limit repeated characters to x characters. For example, some (bad) sites disallow repeated characters, so they might the password FRFkJz86UuFop4bYCCr6aCNWFRO0wC because the characters F and C are repeated a total of 4 times each.
  • Unicode in passwords.
    Okay, hear me out, it might sound stupid, but it would also be funny. And it would be cryptographically secure. (Though, it would break some badly made sites. So it should probably be off by default and have a big yellow warning on it.) Here are some character classes that I think would be fun to add:
  • Alternative Generators (Currently there exists the “Password” and “Passphrase” generators, here are a few more I propose) (Note: an example generator is linked for each item.)
    • PIN Generator. Generates 4+ numerical characters. Pretty simple.
    • Readable Passphrase Generator. Just a sentence that is grammatically correct.
    • Pronounceable Sounds Generator. This just generates a series of pronounceable syllables (eg. “oo”, “ai”, “uh”, etc.) to make up a nonsense word. I couldn’t find any good list online of all the syllables, but here is a semi decent (?) list. Also, since this is not a common type of password, here’s a few examples to help you get the gist of it: (each syllable is separated by a dash (-))
      • dgah-rhausc-sta-hoy
      • ghir-phough-zzoa-cew-sigh
      • scir-be-ngir-quour-thor-mie
      • ppoa-my-chough-powmn-pow-zzo
      • wroi-dgey-mmoi-ry
    • Pronounceable Words Generator. Basically like the one above, except it generates a word that doesn’t exist. Now, using something like GPT-2 for this is kinda overkill (like how it was done with that example), but I’m sure it’s possible to make an algorithm to generate new and unique words.
    • Unicode Generator. Using the previously provided list of unicode characters, you could add a custom generator which will use all of those (or maybe the whole unicode list?) to generate a password.
    • Email address Generator. Okay, this sounds stupid (and is stupid) as I’m writing this, but who cares?? If we’re doing unicode passwords, we might as well go all in and do all the other stupid ideas. Also, it’s funny. This just generates a valid password that follows the RFC2822 specification. Or just do [word]@[domain from list].[ending from list]
    • Passphrase Generator. Okay, I know that bitwarden already has this, but right now it’s not possible to remove the space. It’d be nice if it could do that. Also, here’s a few more things that would be cool to include:
      • Names of places
      • Names of companies
      • Common slag
      • Acronyms
      • Other (non-English) languages
  • Show how strong your password is underneath the randomly generated password. For example, you could show:
    • Amount of permutations with your password settings.
    • Bits of entropy
    • Character set (how many unique characters can be used with your generator configuration)

Related topics + references

  • + probably a lot more

Let’s do that :smiley:

1 Like

Unicode? Yes please!

Obviously adding this many options to the existing PW generator would just make the UI clunky and crowded, as well as the already mentioned issues with unicode characters breaking sites. I’d suggest adding an advanced options dropdown at the bottom of the browser plugin/desktop app, which would have a button to open the advanced generator prompt, which would include all the unicode options (as well as a warning that unicode characters may not work on many/most sites)

Readable Passphrase is a prime candidate for adding as a new option in the existing Password/Passphrase dropdown imo.

I feel Pronounceable Sounds/Words would probably work well as sub-options under Bitwarden’s existing passphrase generator.

1 Like

To explain some of the things, I made some mock-ups here: Imgur: The magic of the Internet

2 Likes

Composite passphraseword:

  • i.e. 7777^3 * 70^4 = ~10^19
  • (e.g. phonics-bolt-ridden-4rA#)

Easier to type. Short enough to fit in any box. Unlike the current passphrase generator, it will pass any validation for special characters.

voting for “” passphrase separators, instead of " ". to be explicit i want no character inserted as separator when the separator field is empty.

2 Likes

@tgreer Please have a look into this.

I would like to add the option to submit word lists (other language dictionaries, or maybe even jargon lists) for the base of the passphrase generator.

Currently, the password generator is limited to ASCII characters. I would like to mix ASCII with Russian letters (I live in Russia) because this would make passwords harder to brute force.

In Russia, every keyboard has both English and Russian letters, so typing Cyrillic would be as easy as typing ASCII.

People from other countries probably would like to use their national alphabets, e.g. Greek.

I suggest adding a custom charset in the password generator, where the user can select between national alphabets.

If my feature request is accepted, you may need to rethink the “avoid ambiguous characters” option. For example, English ‘A’ and Russian ‘А’ look the same.

A similar feature request exists: More Password Generator Enhancements (Comprehensive List)

I agree with this proposal. Adding different languages/dictionaries to the passphrases option, is of similar value. In first instance, you can limit this to languages who have/offer an open dictionary or word list.

Just a few examples:
NL: Bestanden downloaden
FR: Grammalecte
RU: Новый пакет словарей русского языка (орфографический, переносы, тезаурус) » Extensions

… or basically base off of the LibreOffice dictionary overview here:

1 Like

I love my Bitwarden (paying customer), but the password generator in Android could use some attention.

The addition of a “Create login with this password” button would make a huge difference.

The current workflow for saving a generated password seems to be:

  1. Open android shade/top drawer
  2. Click Generate Password button
  3. Password generates and I can copy it to add to app or website.

I cant easily create an entry with this long random password I didn’t even read the first three characters in order to recognise the password. So:

  1. Back out or open Bitwarden and create a new login
  2. Fill out login field
  3. Paste password from clip board - whoops it has been cleared from clipboard. How do I get to password history from new login page?
  4. Eventually find password history screen - which of these passwords were the one I used? Trial and error entry till I get the right one.

Addition of Add Login with this password button would eliminate most of this.

Alternatively replace password generator shade button with Add New Login button which gets into a different password generation UI.

Perhaps I’m missing something?

1 Like

You could do this instead (at least on Android, not sure about iOS):

  1. Create new login.
  2. Fill in details. When it comes to the password field, press the little icon with two arrows going round in a circle (like a recycle symbol).
  3. The password generator pops up. When you have the password you want, press “Select” at the top right.
  4. The password field is populated with the generated value and you can complete the new login.

As I mentioned, if New Login was a shade button it would be far more useful than the password generator, which doesn’t have an easy way to save a generated password with an item in Bitwarden.

Feature name

  • Improve password generator

Feature function

  • Add the ability to choose which characters must be entered to generate the password
  • Show entropy value
  • Indicate password quality

Screenshot

Related topics + references

This is a duplicate. There are lots of other threads talking about this.
Please see the links below:

  1. Brand new Bitwarden user: First impressions and To-Do's
  2. Generate pronounceable passwords
  3. Choose the word list for passphrases - #5 by MetBril
  4. Improve random password generation

Also, don’t forget to check the passphrase generator in the platforms. It already has high entropy and can secure you from security breaches, as well as keeping them memorable, so you can remember later, if necessary.

1 Like

This is not a duplicate. I am not interested in generating passphrases or pronounceable passwords or inserting additional characters in the password generation. My request is different. As in KeePassXC, I would like to know the quality of the password, the level of entropy of the password and I would like to be able to choose which characters my password should consist of.

Sounds similar to this existing feature request. It has 32 votes already: Show password strength (zxcvbn) under Password Generator and Password Fields

Since there are a number of existing feature requests on the password generator, you should probably be more specific if your feature request is different from all of them.

If your request is even slightly similar to an existing one that has a larger number of votes, it is probably better to vote for that request and discuss your recommendations there due to how voting system works.

Some other feature requests I found beyond ones that K0media listed are shown below.


For special characters:

Other requests

How about this:

  1. Add an option to define a custom JS function for password generation.
  2. Add an option to define a custom JS function for password analysis.

Then let the community sort out the rest.

Sounds similar to this existing feature request. It has 32 votes already: Show password strength (zxcvbn) under Password Generator and Password Fields

Part of my request is similar to this existing feature request.

Probably duplicate request for customizing characters (10 votes, Oct 2020):
Link: Customize what special characters are allowed to use in the Password Generator

The other part of my request looks like this existing feature request.

Plus I added the screenshot of the KeePassXC password generator to give you an idea of the functionality I was requesting. I believe that it is the most comprehensive password generator out there.

1 Like

This might meet your needs until BW generator becomes more robust. It’s nearly a duplicate to the keepassxc generator.

XKpasswd