Passphrase Generator 6 word minimum except on mobile

dunxd · November 20, 2024, 2:42pm

When trying to create a new passphrase using the generator in a Browser add-on or the Windows Bitwarden apps, it seems I can’t generate a phrase with less than 6 words. However, on the mobile I can generate with 3 words.

This seems like an odd choice:

Is 3, 4 or 5 words somehow more secure if it is done on a mobile?
Should the user not be able to choose any number they like?

My use case here is generating passphrases to share with other people when resetting passwords. It is hard enough to get them to accept passphrases as it is. When I tell them they need to type in 6 words they look at me like I am crazy - then they will reset them to something short and less secure the first opportunity they get.

Nail1684 · November 20, 2024, 3:13pm

It seems, this is going to be reverted with the next release: [PM-14964] revert passphrase minimum by audreyality · Pull Request #12019 · bitwarden/clients · GitHub

There are some further discussions about that in this feature request: Avoid Arbitrary Length Restrictions in Generator

dunxd · November 20, 2024, 8:36pm

Blimey - it seems everything I noticed recently is getting fixed in the next release.

What’s going on with QA at Bitwarden?