Passphrase Generator improvement

Passphrase Generator generates boring passphrases, and I have a suggestion.
I’d appreciate it if Bitwarden had options to add numbers and special symbols.
Numbers could contain 1-3 symbols in a row, and special symbols would be by 1 in a row.
Numbers and special symbols would replace separator chars.

@dgzargo Welcome to the forum!

The password generator is designed to produce cracking-resistant credentials, not to alleviate boredom. For maximum security (maximum entropy per character), select the Password option, enable all character classes, and disable the option “Avoid ambiguous characters”:

 

The Passphrase option should only be used for credentials that have to be memorized or manually typed. Modifying passphrases in the way that you have described makes them much more difficult to remember and to type, which defeats the whole purpose of this type of credential.

1 Like

When I said “boring” I meant that it’s not secure enough for the given length. They are long but have a predictable formula: [a-z\-]+
I want to have fewer words to remember, but add more numbers and special symbols instead.
My main use-case for them is to type the password while looking at the password manager.
Passwords are too random for quick typing, and usernames are too short.

To make a passphrase more secure, the best method is to add an extra word.

revolver-cupcake-book-choking-lark is almost 8000× more secure than revolver-cupcake-book-choking.

In contrast, revolver$cupcake&book^choking is only 500× more secure than revolver-cupcake-book-choking, but it is 15× less secure than the 5-word phrase revolver-cupcake-book-choking-lark.

Similarly, revolver4cupcake6book7choking is 1000× more secure than revolver-cupcake-book-choking, but it is 8× less secure than the 5-word phrase revolver-cupcake-book-choking-lark.

Both modified versions (revolver$cupcake&book^choking and revolver4cupcake6book7choking) are much more difficult to memorize and type than the unmodified 5-word passphrase (revolver-cupcake-book-choking-lark).

If you use 3-digit numerical sequences as word separators, you get something like revolver078cupcake641book132choking, which will be extremely difficult to remember (and cumbersome to type).

I agree with your estimate of brute-force complexity and how hard it is to remember.
But I don’t agree that it isn’t useful.
My arguments:

  • My use-case (retyping on another device) doesn’t require remembering.
  • Some websites have restrictions on the password length.

If that is your concern, then you should drop the passphrase words altogether (they have very low entropy/strength per character), and use an all-numeric password instead — insert separators to aid with typing, if necessary:

7340 1780 6750 0600 is about 3× stronger than
revolver-cupcake-book-choking (but is much shorter in length).

7340 1780 6750 0600 1745 is about 3× stronger than
revolver-cupcake-book-choking-lark (but is much shorter in length).

If you don’t want to manually insert the spaces separating the groups of 4 digits, you can store these number sequences as Card items instead of Login items:

 

This will automatically be displayed as follows:

1 Like
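
The strength ratios quoted in the replies above (extra word vs. symbol or digit separators, and all-digit passwords vs. passphrases) can be reproduced by counting equally likely outputs per scheme. This is an added example, not part of the thread or Bitwarden's code. It assumes a 7776-word list, 8 special symbols, uniform random choice, and an attacker who knows the scheme; none of these values are stated in the thread.

```python
import math

# Assumptions (not stated in the thread): a 7776-word list, 8 special
# symbols and 10 digits, every element chosen uniformly at random, and an
# attacker who knows which scheme was used.
WORDS, SYMBOLS, DIGITS = 7776, 8, 10


def keyspace(slots):
    """Number of equally likely outputs, given the option count of each slot."""
    return math.prod(slots)


def bits(slots):
    """Entropy in bits for the same slot list."""
    return math.log2(keyspace(slots))


def passphrase(n_words, sep_choices=1, sep_len=1):
    """n_words random words joined by separators. Each separator is sep_len
    characters, each drawn from sep_choices options (1 means a fixed '-')."""
    return [WORDS] * n_words + [sep_choices] * (sep_len * (n_words - 1))


SCHEMES = {
    "4 words, fixed '-'": passphrase(4),
    "5 words, fixed '-'": passphrase(5),
    "4 words, random symbol separators": passphrase(4, SYMBOLS),
    "4 words, random digit separators": passphrase(4, DIGITS),
    "4 words, 3-digit separators": passphrase(4, DIGITS, 3),
    "16 random digits": [DIGITS] * 16,
    "20 random digits": [DIGITS] * 20,
}


def ratio(a, b):
    """How many times larger scheme a's keyspace is than scheme b's."""
    return keyspace(SCHEMES[a]) / keyspace(SCHEMES[b])


if __name__ == "__main__":
    base = "4 words, fixed '-'"
    for name, slots in SCHEMES.items():
        print(f"{name:36s} {bits(slots):6.1f} bits "
              f"{ratio(name, base):16,.1f}x baseline")
```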