Online list with pw-complexity of known sites

Feature name

Password complexity database

Feature function

I always struggle with finding the maximum allowed password complexity. It’s often hard and sometimes even incorrectly written on websites.
It would be nice if we could collect those security rules (maximum length, are special characters allowed?) in a database, and if a user of Bitwarden wants to store a new password/user entry to a site, Bitwarden can recommend a password complexity based on the maximum allowed rules.
This feature could also work on existing vault health reports where the report can propose a more complex password on certain sites.

The catch-22 of this is that attackers will know the same :slight_smile:

Well, that information is no secret. It will be displayed to the user if they enter a password that is too short, too long or contains forbidden characters.
Also, a more complex password is something that makes bruteforcing only harder.
I don’t think that there is any benefit for an attacker in knowing that information.
If the database would contain the minimum password length then yes, this would help the attacker in a very small way. But then again the attacker can try creating an account with a 1-char password and he will be directly hinted at the lower spec of the password.

Not always, if it is too long. Some sites simply cut off “too long” passwords without telling the user.

Most of the time I make sure the website isn’t doing that by trying to log in once with my password with one char removed at the end.
But I’m not talking about what the website does, I’m more talking about the real website password rules.
It’s not hard to just ask the support for the maximum length of a password once and store it in a database, I think :slight_smile:

Apple has an open source project to collect this information: Password Manager Resources
See file: quirks/password-rules.json

2 Likes
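As an added example (not part of the original thread, and not Bitwarden's or Apple's code), this sketch shows how a password manager could turn per-site rules into the longest password a site accepts, which is the recommendation the feature request asks for. It assumes a simplified subset of the rule-string syntax used in `quirks/password-rules.json`; the sample domains, their rule values and the function names are constructed for illustration.

```python
import re
import secrets
import string

# Constructed entries shaped like quirks/password-rules.json; the domains
# and rule values are made up for illustration.
SAMPLE_RULES = {
    "short.example": {"password-rules":
        "minlength: 8; maxlength: 16; required: lower; required: upper; required: digit;"},
    "picky.example": {"password-rules":
        "minlength: 10; maxlength: 32; required: lower, upper; required: digit; allowed: [-_!];"},
}
CLASSES = {"lower": string.ascii_lowercase, "upper": string.ascii_uppercase,
           "digit": string.digits, "special": string.punctuation}

def charset(spec):
    """Expand a class list such as 'lower, [-_!]' into its characters."""
    tokens = re.findall(r"\[[^\]]*\]|[a-z-]+", spec)
    return "".join(t[1:-1] if t.startswith("[") else CLASSES.get(t, "")
                   for t in tokens)

def parse_rules(rule_string):
    """Parse a simplified subset of the rule syntax (assumption: custom
    character sets contain no ';' or ']')."""
    rules = {"minlength": None, "maxlength": None, "required": [], "allowed": ""}
    for clause in rule_string.split(";"):
        key, _, value = clause.partition(":")
        key, value = key.strip(), value.strip()
        if key in ("minlength", "maxlength"):
            rules[key] = int(value)
        elif key == "required" and charset(value):
            rules["required"].append(charset(value))  # need one char from this set
        elif key == "allowed":
            rules["allowed"] += charset(value)
    return rules

def recommend(domain, db=SAMPLE_RULES, default_length=24):
    """Generate the longest password the stored rules for `domain` allow."""
    rules = parse_rules(db.get(domain, {}).get("password-rules", ""))
    length = rules["maxlength"] or max(default_length, rules["minlength"] or 0)
    pool = "".join(sorted(set("".join(rules["required"]) + rules["allowed"])))
    pool = pool or string.ascii_letters + string.digits + string.punctuation
    # One character from every required set, then fill from the whole pool.
    chars = [secrets.choice(req) for req in rules["required"]]
    chars += [secrets.choice(pool) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)
```

A site that silently truncates long passwords, as mentioned earlier in the thread, would still need its real limit recorded as `maxlength` for the recommendation to be safe.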

If Bitwarden would implement my proposed feature, I would love to add hundreds of entries to this repository. But maybe Bitwarden should fork it. Doesn’t seem safe when it’s only bound to “Apple” ^^°

Why don’t you add your entries to the Apple repository? That way all the companies that implement this would benefit.

@RobertT - you’re correct. The goal here is to put all these items in an open-source area. I’d looked at some of the new functionality that Apple is trying to introduce, but didn’t see the website list, thanks for sharing!

1 Like

@RobertT I will gladly add entries there. I just didn’t have the feeling, from a first look at the list, that it is used that much. And if I put effort into this list, I want to know that it is at least used somewhere :slight_smile:
And I didn’t know about this repo before, so thanks for hinting me to it :slight_smile: