More Password Generator Enhancements (Comprehensive List)

This is quite a commonly suggested topic, so I went through all of them that I could find, aggregated them all, and then added a bunch of my own (stupid) suggestions. If any of the ideas are good, assume they came from someone else. If any of them are bad, just assume they’re my ideas.

Feature function

Here’s a list of a bunch of things that could be added to the generators which would be cool and/or funny (And at this point, you can go for funny without compromising security. If your password gets 200 bits of entropy from it, you can afford to do some stupid things like put emojis in it):

  • More characters. Right now there are 70 unique characters Bitwarden has access to when generating passwords. We want to flex on people, so why not turn that up? Here are a few suggestions, in no particular order:
    • (, ), -, _, =, +, [, ], {, }, |, ;, :, , ", ,, ., <, >, /, ?, !, ~, `,
  • No repeated characters/limit repeated characters to x characters. For example, some (bad) sites disallow repeated characters, so they might reject the password FRFkJz86UuFop4bYCCr6aCNWFRO0wC because the characters F and C are repeated a total of 4 times each.
  • Unicode in passwords.
    Okay, hear me out, it might sound stupid, but it would also be funny. And it would be cryptographically secure. (Though, it would break some badly made sites. So it should probably be off by default and have a big yellow warning on it.) Here are some character classes that I think would be fun to add:
  • Alternative Generators (Currently there exists the “Password” and “Passphrase” generators, here are a few more I propose) (Note: an example generator is linked for each item.)
    • PIN Generator. Generates 4+ numerical characters. Pretty simple.
    • Readable Passphrase Generator. Just a sentence that is grammatically correct.
    • Pronounceable Sounds Generator. This just generates a series of pronounceable syllables (e.g. “oo”, “ai”, “uh”, etc.) to make up a nonsense word. I couldn’t find any good list online of all the syllables, but here is a semi decent (?) list. Also, since this is not a common type of password, here’s a few examples to help you get the gist of it: (each syllable is separated by a dash (-))
      • dgah-rhausc-sta-hoy
      • ghir-phough-zzoa-cew-sigh
      • scir-be-ngir-quour-thor-mie
      • ppoa-my-chough-powmn-pow-zzo
      • wroi-dgey-mmoi-ry
    • Pronounceable Words Generator. Basically like the one above, except it generates a word that doesn’t exist. Now, using something like GPT-2 for this is kinda overkill (like how it was done with that example), but I’m sure it’s possible to make an algorithm to generate new and unique words.
    • Unicode Generator. Using the previously provided list of unicode characters, you could add a custom generator which will use all of those (or maybe the whole unicode list?) to generate a password.
    • Email address Generator. Okay, this sounds stupid (and is stupid) as I’m writing this, but who cares?? If we’re doing unicode passwords, we might as well go all in and do all the other stupid ideas. Also, it’s funny. This just generates a valid password that follows the RFC2822 specification. Or just do [word]@[domain from list].[ending from list]
    • Passphrase Generator. Okay, I know that Bitwarden already has this, but right now it’s not possible to remove the space. It’d be nice if it could do that. Also, here’s a few more things that would be cool to include:
      • Names of places
      • Names of companies
      • Common slang
      • Acronyms
      • Other (non-English) languages
  • Show how strong your password is underneath the randomly generated password. For example, you could show:
    • Amount of permutations with your password settings.
    • Bits of entropy
    • Character set (how many unique characters can be used with your generator configuration)

Obviously adding this many options to the existing PW generator would just make the UI clunky and crowded, as well as the already mentioned issues with unicode characters breaking sites. I’d suggest adding an advanced options dropdown at the bottom of the browser plugin/desktop app, which would have a button to open the advanced generator prompt, which would include all the unicode options (as well as a warning that unicode characters may not work on many/most sites).

Readable Passphrase is a prime candidate for adding as a new option in the existing Password/Passphrase dropdown imo.

I feel Pronounceable Sounds/Words would probably work well as sub-options under Bitwarden’s existing passphrase generator.

To explain some of the things, I made some mock-ups here: Imgur: The magic of the Internet

Composite passphraseword:

  • i.e. 7777^3 * 70^4 = ~10^19
  • (e.g. phonics-bolt-ridden-4rA#)

Easier to type. Short enough to fit in any box. Unlike the current passphrase generator, it will pass any validation for special characters.
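
An added example, not part of the thread or of Bitwarden's code: a sketch of the composite generator described above, with the search-space arithmetic from the post and the "bits of entropy" readout suggested earlier. It assumes the 70 characters split into 26 uppercase, 26 lowercase, 10 digits and 8 specials, uses a short constructed word list in place of a 7777-word list, and all function names are hypothetical.

```python
import math
import secrets
import string

# Assumed split of the 70 characters: 26 upper, 26 lower, 10 digits, 8 specials.
CLASSES = [string.ascii_uppercase, string.ascii_lowercase, string.digits, "!@#$%^&*"]
ALPHABET = "".join(CLASSES)
# Constructed stand-in list; the post's arithmetic assumes a 7777-word list.
SAMPLE_WORDS = ["phonics", "bolt", "ridden", "cactus", "marble", "tundra", "velvet"]


def covers_all_classes(text):
    """True if text has at least one character from every class."""
    return all(any(ch in cls for ch in text) for cls in CLASSES)


def random_suffix(length=4):
    """Rejection-sample a suffix, uniform over those that cover every class."""
    if length < len(CLASSES):
        raise ValueError("suffix too short to hold one character per class")
    while True:
        suffix = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if covers_all_classes(suffix):
            return suffix


def generate(words=SAMPLE_WORDS, n_words=3, suffix_len=4, sep="-"):
    """Random words plus a class-covering suffix, e.g. word-word-word-4rA#."""
    parts = [secrets.choice(words) for _ in range(n_words)]
    return sep.join(parts + [random_suffix(suffix_len)])


def suffix_count(length=4, require_all=True):
    """Count possible suffixes; inclusion-exclusion over the excluded classes."""
    if not require_all:
        return len(ALPHABET) ** length
    sizes = [len(cls) for cls in CLASSES]
    total = 0
    for mask in range(1 << len(sizes)):
        excluded = sum(size for i, size in enumerate(sizes) if mask >> i & 1)
        sign = -1 if bin(mask).count("1") % 2 else 1
        total += sign * (len(ALPHABET) - excluded) ** length
    return total


def entropy_bits(wordlist_size=7777, n_words=3, suffix_len=4, require_all=True):
    """log2 of the search space for the configured generator."""
    return math.log2(wordlist_size ** n_words * suffix_count(suffix_len, require_all))
```

Under the assumed split, requiring one character from every class shrinks the 4-character suffix from 24,010,000 to 1,297,920 possibilities, so the whole password carries about 59 bits instead of about 63.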