KeePassium icon indicating copy to clipboard operation
KeePassium copied to clipboard
verified publisher icon keepassium

Add password generator options

Open tberta opened this issue 3 years ago • 3 comments

What can be improved? i like to use passwords composed of several different words when I register on web sites. But I need also to match the sites requirements for password, that often include :

  • Mixed case
  • Numbers
  • Special characters
  • A password length limit

The actual secret phrase generator

  • only include lower case / UPPERCASE and First Letter Upper Case.
  • Size can be only set as a number of words
  • i need to add numbers and special chars manually

The solution you'd like I’d like to have more choice for this password generator based on wordlist :

  • a fourth case option, with alternating WORD case. Eg : MY example PASSWORD
  • Add padding digits (before and/or after words)
  • Add some padding symbols (before and/or after words)
  • Set the size as a number of characters instead of number of words.

Alternatives you've considered Currently I use https://xkpasswd.net/s/ in the default config and am fully inspired by it for this suggestion / refinement request.

Thanks for reading.

tberta avatar Oct 28 '22 22:10 tberta

Thank you for the suggestion.

I think I understand the rationale: passphrases are easier to type when required, but they are often rejected by too rigid password rules (numbers, special characters, max-length, etc). So it would be useful to throw in a random digit and a special character just to satisfy the checker.

That said, I don't quite see the point of overcomplicating this.

Set the size as a number of characters instead of number of words.

The strength of passphrases is their long length. If a website restricts the maximum input length, it would be much safer to ~avoid it~ use a standard random password. If we have only 10 characters to fill, why waste them on a weak 4duckling% if we could use a Kf*q8aH#[6 instead?

  • a fourth case option, with alternating WORD case. Eg : MY example PASSWORD
  • Add padding digits (before and/or after words)
  • Add some padding symbols (before and/or after words)

Yes, these additions would increase the entropy of the generated password (no longer a phrase as such). At the cost of more complicated UI and more complicated typing.

A 7-word phrase from EFF long list is 7776^7 ~ 10^27 combinations. With random padding and alternating case, we can bump it up a bit. Is it worth the trouble, though? Why not just add another word or two?

keepassium avatar Oct 29 '22 11:10 keepassium

@tberta , do you want to comment on the above? Without further feedback, I would have to close this…

keepassium avatar Nov 24 '22 23:11 keepassium

@keepassium I understand your will to not over-complicate the UI. On this topic, Instead of modifying the UI of the passphrase mode, it could be an additional password mode.

The fact is that numerous web sites requires multiple categories of characters and very often limit the length of passwords. And I like yo use pronuncable (or easy to type if I need to) passwords.

So I'm falling back to « pass phrase » mode of KeePassium, that I customize each time to add numbers.

Anyway it’s not a big deal. You can close this suggestion. And if others find this suggestion relevant, they can vote or comment 😉

tberta avatar Nov 26 '22 16:11 tberta

@tberta , (a very late) thank you for the details. Considering that there were no similar requests so far, we can probably agree this would have been a very, very niche feature. So I'm afraid this won't be worked on.

keepassium avatar Mar 06 '24 22:03 keepassium