Please expand the "Master password hint" maximum number of characters allowed

It is already hard enough to have a strong passphrase, complex multi-word and special characters, that you can get away with, without writing it down somewhere.

If I pass or become mentally unable, my beneficiary/descent must be able to open it, and the password hint is the only way. How are they supposed to derive my masterpass from the hint, if all they can have is a 6 words hint? There is no space for descriptions, riddles, etc

If you give me few characters, I have to be very direct and obvious
“Julia’s from japan nicknm uppercase +5 and ?” vs, be descriptive and include information only few people can possibly know →
“the nickname of girl we met when traveling together on our second international flight, replacing bla bla bla, and concatenate with the number of mama’s favourite object bla bla blabla blabla bla”

What’s the point of having the character counts of the “master password hint” in a first place??

EDIT: out of curiosity, how would a wizard deal with backing up their passphrase using best practices, given this limitation?
hint → “Solve the riddle in my safebox under the mattress” ?

1 Like

As counter-intuitive as it may seem, it is considered good practice to actually write down your Master Password (as well as your 2FA recovery code — you are using 2FA, right?) on one or more pieces of paper, and store these emergency kits in a secure location (multiple locations if there are multiple copies), using a security envelope (or a DIY security envelope).

Depending on the availability of “secure locations” in your environment (or depending on how paranoid you are), there are other, more complex schemes that could be used (e.g., Shamir’s Secret Sharing scheme, for which you can find downloadable calculators).

However, for emergency vault access in case of death or incapacitation, a Premium subscription will give you access to Bitwarden’s Emergency Access feature.


Can I use UTF emoji in the hint?

Out of curiosity, I tested this, and came to the conclusion that it is probably best to avoid emojis.

I set the following password hint:

(corresponding to ☺ ♫ 😈)

After logging back in to the Web Vault, I confirmed that the password hint still looked as intended.

However, in the email that was received when the password hint was requested, the following was displayed:

:smiling_face: ♫ ��
(corresponding to ☺ ♫ ��)

The same thing happened after I changed the settings in my email client so that the default character set used for displaying messages would be UTF-8.

Thus, it seems to work for some emojis, but not others.