Password Generator Should Have More Character Set

These sets are missing:

  1. Minus (-)
  2. Underline (_)
  3. Space ( )
  4. Brackets ([]{}()<>)
  5. High ANSI

Plus you should allow users to type a length number rather than using sliding piece.

An idea could be to add a custom character set field in which the user could type the characters he wants to add ?

1 Like

More discussion here : Filter special characters in generated passwords per login

Maybe you could simply insert a custom in field the settings where the user can list extra characters he wants to allow and use for passwords. Thank you!

This way it is easy for everyone to add his own characters, like for example Germans often use ä ö and ü - normal letters in the German alphabet.

I have to agree - eight special characters is way too small a set.

A feature idea related to this, which I don’t think any password manager has, would be an option field displaying a string of special characters with some separation between them - and after you have a randomly generated password, you can click on the individual special chars, and the generator will randomly substitute them into the already generated string.

Why? Because on a semi-regular basis, I’ll run across some site that has decided themselves on a subset of special characters - that for some reason doesn’t accept ampersand or exclamation mark, for some idiotic reason. When I hit such sites, I inevitably have to regenerate the password multiple times until the string finally comes up with a password with special characters, but without the bizarrely unacceptable one…

Is it though? With upper- and lower-case letters, digits and those eight special chars, that’s a set of 70 symbols. As you can set the length of the required password, you can produce uncrackable passwords very easily.

Why not just go with the first password generated but substitute allowed special characters for any invalid ones?

Is it though?

Well, lets turn it around. What technical or other reason would prohibit expanding the special character set? What negative effects might it incur? A larger character set means a greater entropy pool. I don’t see any downside to that.

As you can set the length of the required password

Very often, you are constrained by the destination site. Yes, I can generate a password a hundred characters long, and frankly I wish I could do that everywhere. Most sites will choke and barf if you try that.

Why not just go with the first password generated but substitute allowed special characters for any invalid ones?

Well sure. I could also just forget about bitwarden and use a pencil and paper to make up passwords. It worked thirty years ago, it can still work now!

My understanding - and expectation - is that a password manager such as bitwarden exists to make secure password creation, entry, and safe storage as easy and convenient as possible. I’ve done the dance you suggest. I’m proposing a feature enhancement, so that the end user does not have to do that manual dance. It would make the application better. In my opinion.

1 Like

I don’t disagree with any of that. My suggestion was to get around the current limitation you’re finding with the password generator. What you’ve proposed are all reasonable enhancements that could be made :+1:t2: