Remember Password Generator Settings for Each Login

I’d really like to see Bitwarden remember the particular password generator settings you use for each site. And that includes allowing you to specify a custom set of special characters. Sites vary in all the various requirements but many don’t clearly tell you what those requirements are.

I always want to create the most maximally robust passwords possible, so not knowing the maximum requirements is an obstacle, and having to configure the generator each time once I do know them is cumbersome.

This feature is important because it’s good practice to change your passwords on some relatively frequent basis, and thus the process for doing that should be made as easy as possible, or you won’t bother doing it.

Debatable. It was recommended for a long time, but tends not to be recommended these days. Current thinking is that they should only be changed if they are breached.

@Davidz I work at a large global bank where information security is at the forefront of everything we do. Passwords are changed every 3 months. So I’m interested to know whose current thinking you cite.

In any case, this is a digression from the point made by @JerryL. There are all kinds of reasons that someone might want to change their password, and it’s Bitwarden’s job to make that as easy as possible.

Please take a look at this:

Peter_H: If you are still a fan of this “change your password”-idea, please take a look at this: Nist.gov: “Do not require that memorized secrets be changed arbitrarily (e.g., periodically) unless there is a user request or evidence of authenticator compromise.”

If you search for this recommendation across other sources you will find that the issue is to not mandate the periodic change in order to avoid users cutting corners by simply appending a suffix or other minor variation to their previous password. But that’s not relevant when you’re using a password manager with a generator, like Bitwarden. It’s easy enough to simply auto-generate a new completely different and robust password. The point of my feature request is to have Bitwarden facilitate this operation by remembering the maximum requirements for each login.

1 Like

Actually, in your original post you said the point was this:

And I think @Peter_H was just trying to provide some rationale and evidence to why this old guidance has changed, which is constructive.

Regardless, many organizations still apply this dated policy, so I see the need to facilitate it. I hope you garner support for your request so that it will be considered.

2 Likes

dh024: Again, the problem is with organizations mandating the policy in the absence of an easy, automatic way to generate new robust passwords. The guidance seems to have changed only in recognition that users will otherwise take counterproductive short-cuts.

But users armed with an easy to use password generator wouldn’t be so easily led to take such shortcuts, and suffixing an already inscrutable, hard to remember password makes no sense. Under these circumstances, changing passwords on some frequent basis is then still good policy.

Bitwarden should step up and take the initiative to make the frequent and robust changing of passwords as easy as possible.

1 Like

The key word in that recommendation is memorized. We’re using a password manager here; human memory is not involved.
The password manager needs to make it as easy as possible, which is the point.