I always struggle with finding the maximum allowed password complexity. It’s often hard to find and sometimes even written incorrectly on websites.
It would be nice if we could collect those security rules (maximum length, are special characters allowed?) in a database, and if a user of bitwarden wants to store a new password/user entry for a site, bitwarden can recommend a password complexity based on the maximum allowed rules.
This feature could also work on existing vault health reports where the report can propose a more complex password on certain sites.
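The proposal above (a per-site rules entry, a generator that picks the strongest password the rules allow, and a vault-health check that flags entries weaker than the site permits) sketched as an added example; this is not Bitwarden's code, and the site names and rule values are constructed placeholders.

```python
import math
import secrets
import string

DEFAULT_LENGTH = 32  # generator target when the site allows it

# Constructed sample rule entries (placeholders, not real sites' rules).
SITE_RULES = {
    "example-bank.test": {"max_length": 16, "allow_special": False},
    "example-shop.test": {"max_length": 64, "allow_special": True},
}

def allowed_alphabet(rules):
    """Characters the site permits: letters and digits, plus punctuation if allowed."""
    alphabet = string.ascii_letters + string.digits
    if rules.get("allow_special", True):
        alphabet += string.punctuation
    return alphabet

def generate_password(rules, target_length=DEFAULT_LENGTH):
    """Strongest password within the rules: longest allowed, widest allowed alphabet."""
    alphabet = allowed_alphabet(rules)
    length = min(target_length, rules.get("max_length", target_length))
    return "".join(secrets.choice(alphabet) for _ in range(length))

def fits_rules(password, rules):
    alphabet = allowed_alphabet(rules)
    return len(password) <= rules["max_length"] and all(c in alphabet for c in password)

def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random password of this length over this alphabet."""
    return length * math.log2(alphabet_size)

def estimated_bits(password):
    """Rough strength estimate for an existing password from the classes it uses."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation]
    size = sum(len(c) for c in classes if any(ch in c for ch in password))
    return entropy_bits(len(password), size) if size else 0.0

def could_be_stronger(site, current_password, margin_bits=10.0):
    """Vault-health check: is the best password the site allows notably stronger?"""
    rules = SITE_RULES[site]
    best = entropy_bits(min(DEFAULT_LENGTH, rules["max_length"]), len(allowed_abet := allowed_alphabet(rules)))
    return best - estimated_bits(current_password) > margin_bits

if __name__ == "__main__":
    for site, rules in SITE_RULES.items():
        print(site, generate_password(rules))
```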
Well, that information is no secret. It will be displayed to the user if they enter a password that is too short, too long or contains forbidden characters.
Also, a more complex password only makes brute-forcing harder.
I don’t think that there is any benefit for an attacker in knowing that information.
If the database contained the minimum password length then yes, this would help the attacker in a very small way. But then again the attacker can try creating an account with a 1-char password and he will be directly hinted at the lower spec of the password.
Most of the time I make sure the website isn’t doing that by trying to log in once with my password with one char removed at the end.
But I’m not talking about what the website does, I’m more talking about the real website password rules.
It’s not hard to just ask the support for the maximum length of a password once and store it in a database, I think.
If bitwarden implemented my proposed feature, I would love to add hundreds of entries to this repository. But maybe bitwarden should fork it. Doesn’t seem safe when it’s only bound to “apple” ^^°
@RobertT - you’re correct. The goal here is to put all these items in an open-source area. I’d looked at some of the new functionality that Apple is trying to introduce, but didn’t see the website list, thanks for sharing!
@RobertT I will gladly add entries there. I just didn’t have the feeling, from a first look at the list, that it is used that much. And if I put effort into this list, I want to know that it is at least used somewhere.
And I didn’t know about this repo before, so thanks for hinting me to it.