Password Strength Testing Tool with Non-English Dictionaries


It seems that the Password Strength Testing Tool | Bitwarden tool isn’t using other dictionaries than English. I tested with a browser with the Polish language that was sending the PL language header and the tool treated common Polish words as random strings.

I think that it might be an issue because an attacker could easily find the language that a user is using (for example by checking the language of their posts on social media) and use the correct dictionary for bruteforce attacks. However, a user that found the tool might join two common words and see the meter showing that the password is secure. They could then use such a password believing it to be secure when in fact it’s not.

I found an implementation of zxcvbn that has more dictionaries than the one from Dropbox: GitHub - zxcvbn-ts/zxcvbn: Low-Budget Password Strength Estimation

zxcvbn/data at master · dropbox/zxcvbn · GitHub only has an English dict.

FYI, I changed this from a community question to a feature request, and modified the topic title to Password Strength Testing Tool with Non-English Dictionaries (Was: Password Strength Testing Tool is Missing).