Wow - you turn your head for a few days and everything has changed!
My 16-character Master Password (like the example you provided) is difficult to use for two reasons -
- I know what it is, but I can’t ‘spell’ it without concentrating. It’s like I’m 9-years old and back in school trying to spell ‘irreplaceable’ or similar. I still find that the password doesn’t burst into my memory thanks to a mnemonic - which is a good thing from a security point-of-view.
- Thanks to BitWarden I rarely had to use my Master Password. The biometric access to the desktop app and to the browser extension covered 90+% of my requirements. So my fingers have never learned a fluent muscle memory for typing it, like other English language words and phrases.
That aspect - the ease of use - is my only issue. Having calculated permutations, substitutions, entropy etc I’m happy with the level of security it provides.
I’m not sure I completely buy in to the four-word passphrase being a superior method of securing my Bitwarden vault. I’ve tried reading various explanations of this. The classic xkcd example of “Tr0ub4dor&3” as weak, and “correct horse battery staple” as strong is compromised from the outset. That 4-word phrase may be a better example than that password, but my password is already very much more secure than all.
Like a couple of others here, I’m disappointed that I didn’t realise the consequences of Bitwarden’s recent change with regard to biometric login. Biometrics just suited my workflow so well that any change away from that was bound to be seen as retrograde, at least initially. Bitwarden has still got a lot of excellent features, so I’m not quite jumping ship yet. Let’s see if I can learn to spell first!