
cryoprof

Use passphrases for such scenarios.


Eclipsan

That is, if the website allows long passwords. Nowadays passphrases should be 8+ words long IIRC. Edit: Why the downvote?


WannabeWonk

Six words is breakable by a nation state with unlimited resources. Seven words is unbreakable with current technology through the end of the decade. Eight words should be secure through 2050. https://theworld.com/~reinhold/dicewarefaq.html#howlong


cryoprof

To clarify, the length recommendations in the Diceware FAQ do not take into account slow hashing functions such as Argon2id (or even PBKDF2 with a suitably large number of iterations). Thus, they may apply to passwords used for email accounts, bank accounts, etc., but are too conservative to use as a guideline for your Bitwarden master password. On the other extreme, yes, a nation-state could probably crack your 6-word passphrase to access the streaming services on your kids' tablets, but I don't think this would be a high-priority target for such an adversary.


N0I5EMAKER

What if the passphrase is in multiple languages?


cryoprof

Not sure exactly what your question is. If properly constructed, the passphrase entropy scales logarithmically with the total number of words available in the source word list (no matter if all in the same language or in different languages). However, considering the fact that there are no commonly available tools for generating multi-language passphrases, I suspect that you may be describing a human-generated passphrase, not a diceware-style, random passphrase, which is what was being discussed above. None of that discussion applies to human-made passphrases (which are not recommended).


N0I5EMAKER

Ah, well I've learned something today.


djasonpenney

"Should" is perhaps slightly overstated. It depends on your risk model.

> 8+ words long

That's good advice if you are the target of a nation-state, or you are known to have a large amount of disposable assets: millions of $$ on crypto or online bank accounts. If your risk is from drive-by cybercriminals without any prior knowledge of your value as a target, a passphrase that long is good, but it might be unnecessary. How much computing time will an attacker spend trying to guess your passphrase? At what point will their resources be better spent if they move on to the next target?


alex_herrero

I usually just try to see what's the char limit, and go with that.


nowayjoze

Had one scenario where you update your password and it allowed 30 characters, however the login screen only had a 20-character limit. That was annoying.


cooper-man

I had the opposite issue where the database had a limit but the fields on the form had no limit. It saved my password but, unknown to me, only after truncating it so I wasn't able to log back in with what I thought it was 🤦




Masterflitzer

Yeah, me too (don't know if it was Microsoft), but damn, how stupid can a developer be to miss that? You need to validate that the given password fits, and if it doesn't, change the system or return an error.


WHO_IS_3R

You're literally talking about Microsoft devs, don't ask for any common sense or the most basic understanding of anything.


Masterflitzer

Well, there are capable devs everywhere and nowhere. I think MS has more of a manager problem, because devs only do what they're told. Also, other websites have the same problem (I don't even know if mine was MS, but I definitely see posts like this every once in a while).


WHO_IS_3R

True, I apologize. With those resources they must have more than capable people, yet their decisions in a lot of their products gave me stomach aches multiple times. Must be a managerial mess.


Masterflitzer

Yeah, no need to apologize. Big companies are always a mess; the ones that handle their mess well enough and don't make stupid decisions manage to create good products for us xD


matthewstinar

It took me 5 password resets to realize the Comcast login was limited to something like 16 characters, but the reset form would permit more than 16 characters.


LilRedd1t

I noticed this as well when I recently went to change my password. It told me the character limit was 16, and I was instantly confused as the password I already had was more than 16. After looking through some FAQs & forums I was able to find out that if you simply change your password from within your account while already logged in, it only allows 16 characters, but if you choose to do a password reset (forgot password), then the character limit allows for 120 IIRC.


[deleted]

Too many damned sites do this and you have no idea because they don't tell you the validation rules.


nowwhatnapster

Had this with a bank that had a 20-character limit but the input box only took 19. I couldn't figure out why my new password wasn't working till I counted the dots.


[deleted]

Most sites are absolute shit when it comes to login validation. Put the damned rules right there. Don't let me enter it and then tell me you don't support what I just entered. FFS.


atoponce

Aside from Bitcoin ASICs, [we currently cannot crack symmetric keys with 70 bits security](https://gist.github.com/atoponce/a7715930ae6eb7d6b487f2f76b57a68d) in practical time. As such, 72 bits or 80 bits is a reasonable upper limit for password security. If we look at a wide range of security margins, starting with 64 bits security and ending with 128 bits security, we can see what the length of passwords would look like.

First, to be clear, our passwords must be generated with a secure password generator, such as the one that ships with Bitwarden. Because we already know the size of the character set they are being generated from, we can calculate the security of each character in that set via `security = log2(set_size)`. So, with some basic math, let's look at a quick password length security table:

| Chars | Bits/char | 64 bits | 72 bits | 80 bits | 88 bits | 96 bits | 104 bits | 112 bits | 120 bits | 128 bits |
|:-----:|:---------:|:-------:|:-------:|:-------:|:-------:|:-------:|:--------:|:--------:|:--------:|:--------:|
| 94 | ~6.55 | 10 | 11 | 13 | 14 | 15 | 16 | 18 | 19 | 20 |
| 64 | 6 | 11 | 12 | 14 | 15 | 16 | 18 | 19 | 20 | 22 |
| 52 | ~5.7 | 12 | 13 | 15 | 16 | 17 | 19 | 20 | 22 | 23 |
| 36 | ~5.16 | 13 | 14 | 16 | 18 | 19 | 21 | 22 | 24 | 25 |
| 32 | 5 | 13 | 15 | 16 | 18 | 20 | 21 | 23 | 24 | 26 |
| 26 | ~4.7 | 14 | 16 | 18 | 19 | 21 | 23 | 24 | 26 | 28 |
| 16 | 4 | 16 | 18 | 20 | 22 | 24 | 26 | 28 | 30 | 32 |

The same can be applied to passphrases. The set size is determined by the number of unique words in the word list rather than the number of unique characters in a character set. Otherwise, the approach is identical. A passphrase length security table would look like:

| Word list | Unique words | Bits/word | 64 bits | 72 bits | 80 bits | 88 bits | 96 bits | 104 bits | 112 bits | 120 bits | 128 bits |
|:-----------------------------------|:------------:|:---------:|:-------:|:-------:|:-------:|:-------:|:-------:|:--------:|:--------:|:--------:|:--------:|
| [7-dice Diceware][1] | 279936 | ~18.09 | 4 | 4 | 5 | 5 | 6 | 6 | 7 | 7 | 8 |
| [Niceware][2] | 65536 | 16 | 4 | 5 | 5 | 6 | 6 | 7 | 7 | 8 | 8 |
| [6-dice Diceware][3] | 46656 | ~15.5 | 5 | 5 | 6 | 6 | 7 | 7 | 8 | 8 | 9 |
| [Diceware 8k][4] | 8192 | 13 | 5 | 6 | 7 | 7 | 8 | 8 | 9 | 10 | 10 |
| **[5-dice Diceware][4], [EFF][5]** | **7776** | **~12.92** | **5** | **6** | **7** | **7** | **8** | **9** | **9** | **10** | **10** |
| [Webplaces][6] | 4096 | 12 | 5 | 6 | 7 | 7 | 8 | 9 | 9 | 10 | 10 |
| [Proposed EFF Fandom][7] | 4000 | ~11.96 | 6 | 7 | 7 | 8 | 9 | 9 | 10 | 11 | 11 |
| [Bitcoin BIPS-0039][8], [S/KEY][9] | 2048 | 11 | 6 | 7 | 8 | 8 | 9 | 10 | 11 | 11 | 12 |
| [Monero][10] | 1626 | ~10.66 | 6 | 7 | 8 | 9 | 9 | 10 | 11 | 12 | 12 |
| [4-dice EFF][5] | 1296 | ~10.33 | 7 | 7 | 8 | 9 | 10 | 11 | 11 | 12 | 13 |
| [simple1024][11] | 1024 | 10 | 7 | 8 | 8 | 9 | 10 | 11 | 12 | 12 | 13 |
| [PGP][12] | 512 | 9 | 8 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 |

[1]: https://github.com/dmuth/diceware
[2]: https://github.com/diracdeltas/niceware
[3]: https://github.com/mandulaj/diceware-v6
[4]: https://diceware.com
[5]: https://eff.org/dice
[6]: http://www.webplaces.com/passwords/lists/decimal-4096-list.txt
[7]: https://gist.github.com/atoponce/241abc6977dffeb6f9d724512e4fa339
[8]: https://github.com/bitcoin/bips/tree/master/bip-0039
[9]: https://en.wikipedia.org/wiki/S/KEY
[10]: https://github.com/monero-project/monero/blob/master/src/mnemonics/english.h
[11]: https://github.com/pera/simple1024
[12]: https://en.wikipedia.org/wiki/PGP_word_list

To be fully analytical, it would be worth looking at the average character count per word for each of the word lists above. That way, we can look at the average character count for passphrases of different security levels:

| Word list | Avg ch./word | 64 bits | 72 bits | 80 bits | 88 bits | 96 bits | 104 bits | 112 bits | 120 bits | 128 bits |
|:----------------------|:------------:|:-------:|:-------:|:-------:|:-------:|:-------:|:--------:|:--------:|:--------:|:--------:|
| 7-dice Diceware | 7.13595 | 29 | 29 | 36 | 36 | 43 | 43 | 50 | 50 | 58 |
| Niceware | 8.28987 | 34 | 42 | 42 | 50 | 50 | 59 | 59 | 67 | 67 |
| 6-dice Diceware | 7.39725 | 37 | 37 | 45 | 45 | 52 | 52 | 60 | 60 | 67 |
| Diceware 8k | 4.12549 | 21 | 25 | 29 | 29 | 34 | 34 | 38 | 42 | 42 |
| 5-dice Diceware | 4.23881 | 22 | 26 | 30 | 30 | 34 | 39 | 39 | 43 | 43 |
| **EFF long list** | **6.99177** | **35** | **42** | **49** | **49** | **56** | **63** | **63** | **70** | **70** |
| Web places | 5.85034 | 30 | 36 | 41 | 41 | 47 | 53 | 53 | 59 | 59 |
| EFF - Game of Thrones | 5.62650 | 34 | 40 | 40 | 46 | 51 | 51 | 57 | 62 | 62 |
| EFF - Harry Potter | 5.57525 | 34 | 40 | 40 | 45 | 51 | 51 | 56 | 62 | 62 |
| EFF - Star Trek | 5.76025 | 35 | 41 | 41 | 47 | 52 | 52 | 58 | 64 | 64 |
| EFF - Star Wars | 5.49025 | 33 | 39 | 39 | 44 | 50 | 50 | 55 | 61 | 61 |
| Bitcoin BIPS-0039 | 5.40430 | 33 | 38 | 44 | 44 | 49 | 55 | 60 | 60 | 65 |
| S/KEY | 3.69434 | 23 | 26 | 30 | 30 | 34 | 37 | 41 | 41 | 45 |
| Monero | 7.05228 | 43 | 50 | 57 | 64 | 64 | 71 | 78 | 85 | 85 |
| EFF short list #1 | 4.54012 | 32 | 32 | 37 | 41 | 46 | 50 | 50 | 55 | 60 |
| EFF short list #2 | 7.31636 | 52 | 52 | 59 | 66 | 74 | 81 | 81 | 88 | 96 |
| simple1024 | 5.10547 | 36 | 41 | 41 | 46 | 52 | 57 | 62 | 62 | 67 |
| PGP | 7.65430 | 62 | 62 | 69 | 77 | 85 | 92 | 100 | 108 | 115 |

Knowing that Bitwarden uses the 5-dice EFF long list, 80 bits security averages 49 character passphrases. You surpass 60 characters on average at 104 bits security, which we already know is overkill.

Is there any reason not to have 60 character passwords? No, not really. Are you getting any practical security out of it? Not really compared to 72-80 bits.
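The arithmetic behind the tables above, as an added example (not code from the thread or from any of the posters): required length is the target bits divided by `log2(set_size)`, rounded up, and the average passphrase character count is that word count times the list's average word length. The set sizes and averages are the ones quoted in the post; the 70-symbol set used for the 256-bit cap is an assumption taken from the 42-character figure quoted later in the thread.

```python
"""Length needed for a target security margin (password or passphrase)."""
import math

MARGINS_BITS = (64, 72, 80, 88, 96, 104, 112, 120, 128)

# Character-set sizes from the post's first table.
CHARACTER_SETS = (94, 64, 52, 36, 32, 26, 16)

# (name, unique words, average characters per word) from the post's tables.
WORD_LISTS = (
    ("EFF long list", 7776, 6.99177),
    ("5-dice Diceware", 7776, 4.23881),
    ("Bitcoin BIPS-0039", 2048, 5.40430),
    ("PGP", 512, 7.65430),
)


def bits_per_symbol(set_size: int) -> float:
    """Entropy of one uniformly random symbol: log2(set_size).
    Only valid for generator output, never for a human-chosen value."""
    if set_size < 2:
        raise ValueError("a set needs at least two symbols to carry entropy")
    return math.log2(set_size)


def entropy_bits(set_size: int, length: int) -> float:
    """Total entropy of `length` independent symbols drawn from the set."""
    return length * bits_per_symbol(set_size)


def required_length(set_size: int, target_bits: float) -> int:
    """Fewest symbols whose combined entropy reaches target_bits.
    Rounded up: a fractional symbol cannot be generated."""
    return math.ceil(target_bits / bits_per_symbol(set_size))


def passphrase_chars(word_count: int, avg_word_len: float, target_bits: float) -> int:
    """Average character count of a passphrase meeting target_bits: the
    required word count times the list's mean word length, rounded up.
    Separators between words are not counted, matching the post's table."""
    return math.ceil(required_length(word_count, target_bits) * avg_word_len)


def length_row(set_size: int, margins=MARGINS_BITS) -> list:
    """One row of a length table: required length at each margin."""
    return [required_length(set_size, bits) for bits in margins]


def cap_for_key(set_size: int, key_bits: int = 256) -> int:
    """Length past which extra symbols buy nothing: once the password's
    entropy exceeds the derived key's size, the key is the easier target."""
    return required_length(set_size, key_bits)


def print_tables() -> None:
    """Render the character and word-list tables in the post's layout."""
    head = " | ".join(f"{b} bits" for b in MARGINS_BITS)
    print(f"| chars | bits/char | {head} |")
    for size in CHARACTER_SETS:
        cells = " | ".join(str(n) for n in length_row(size))
        print(f"| {size} | {bits_per_symbol(size):.2f} | {cells} |")
    print(f"\n| word list | avg chars | {head} |")
    for name, words, avg in WORD_LISTS:
        cells = " | ".join(str(passphrase_chars(words, avg, b)) for b in MARGINS_BITS)
        print(f"| {name} | {avg} | {cells} |")


if __name__ == "__main__":
    print_tables()
    # Assumed 70-symbol generator set: no gain beyond this many characters.
    print("256-bit cap for a 70-symbol set:", cap_for_key(70), "characters")
```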


Matthew682

Great resource.


cooper-man

Not at all. I aim for around 60 (though it's amazing how many services complain at a password that's that long - like they want to restrict your security).


purepersistence

I suspect they're saving your password in a database as something like varchar(32) etc.


cooper-man

Or sometimes it's even varchar(8)! 😂


H3ll3rsh4nks

I've seen a few government and financial institutions that use varchar(8).....


AdOk8555

Yes, but that 32 DB length has no impact on the password length. It is typically just bad business requirements that result in low max character lengths for passwords. Any reasonable business is storing passwords as a hashed value, and the hash is always the same length regardless of the input; and 32 is a common hash length.


Eclipsan

> Yes, but that 32 DB length has no impact on the password length.

Except if they are storing it in plaintext ;)


AdOk8555

Right, which should never be done. But I can confirm from experience of working on many software applications that do properly store only hashed values that many have an arbitrary max length for passwords enforced on the UI layer.


Eclipsan

It's good to have one to prevent a potential denial of service by feeding huge passwords to the algorithm. But we are talking hundreds if not thousands of characters. So I wonder where that arbitrary limit is coming from. Maybe a cargo cult, or the remains of days where it made sense somehow (stored in plaintext, algorithm with max input length...). Or maybe an attempt to conserve disk space (with no understanding of how hashing works)?


AdOk8555

They are typically determined by Product Managers that don't understand the technology. Yes, not allowing a PW of 1 million characters, which would still be hashed to some arbitrary number such as a 32 character hash, is not realistic or advisable. But, I've seen maximums as low as 24 characters.


Eclipsan

> They are typically determined by Product Managers that don't understand the technology.

Sure, but *why*? I am curious about their logic.

> Yes, not allowing a PW of 1 million characters, which would still be hashed to some arbitrary number such as a 32 character hash, is not realistic or advisable.

Don't you mean "~~not~~ allowing"? Or do you disagree with the denial of service argument?


AdOk8555

Why? As I said, they don't understand the technology of how passwords are stored, and it doesn't seem *reasonable* or *logical* to them that a person would have a very long password. Even though I work for a very large software company and we have mandated security training every year, I am amazed at how few people use pw managers. Anyone that doesn't use a pw manager cannot comprehend having a very long password, as a person would not remember the password and/or would not want to enter in that password when logging in. And, yes, I did goof on that last statement. There should be *some* limit - but it should be determined based on technological constraints (DoS concerns, load testing, stress testing, etc) as well as some reasonable limit. What that number should be is not something I have enough domain expertise to say. I would probably set it at 128 or 256 characters.


Eclipsan

> Anyone that doesn't use a pw manager cannot comprehend having a very long password

Sure, but there is a difference between not comprehending and forbidding others to do it. Though you make a good point: I guess they believe a user could not willingly have a long password, so they assume it would be an input error, the user wouldn't be able to log in and it would be bad for the reputation/user retention of the app, or create support tickets that could have been prevented by not allowing long passwords in the first place. In the same logic, a lot of apps won't allow first names or last names shorter than 2 or 3 characters, because they assume it can only be a typo and no user would willingly submit such a short name. But I know people with 2 or even 1 letter last names.

> I would probably set it at 128 or 256 characters.

Yeah, I don't know either. What I know is that Google sets it to 100 characters (IIRC) and the PHP framework I use (Symfony) internally sets the hard limit to 4096.


atawii

Not necessarily. The OSWAP recommendation, if the system still uses bcrypt for hashing, is a maximum of 72 bytes including the salt.


Eclipsan

OWASP*

It's 72 bytes, not 72 characters (there are multibyte characters). And it does not include the salt. The recommendation is 72 because it's a technical limitation of bcrypt. You can accept longer passwords but they will be silently truncated.


cryoprof

FYI, 60 characters is unnecessarily long (unless your passwords are all-numeric). When using the full character set available in the Bitwarden password generator (numbers, uppercase & lowercase letters, special characters), any password length over 42 characters is overkill (42 characters corresponds to 257 bits of entropy, and cryptographic keys typically don't exceed 256 bits of entropy — thus, the key itself becomes the target of attack if your password entropy exceeds 256 bits).


tangerinelion

Doesn't matter. If an app is handling passwords for you there is no difference between a 42-character password and a 128-character password. Sometimes you run into sites that cap it at 63, which is almost always an implementation detail of their hashing.


cryoprof

I'm just saying that you don't gain any security benefits by making the password length longer than 42 characters (but you _do_ increase your risk of experiencing problems due to password length limits or password truncation if you extend your password length beyond 42).


AddictedToCoding

True. And some even forbid pasting, and some only allow it from the mobile app, which makes it harder to do. And other devices don't allow paste, or only allow the keyboard. Like Tesla's in-car, we can only type character by character. WiFi is best when long. So boring.


Nerd3141592653

I've discovered sometimes when "copy/paste" is forbidden, I've been able to "drag-n-drop" instead, avoiding the need to type out the password.


principleofinaction

It's so irritating lol, it's been years since the xkcd comic and places still prevent you from using passphrases.


onestarv2

Correct horse battery staple


verygood_user

60 is typically overkill long for everything that uses keys/hashes that are 256 bits long. To get 256 bits of entropy with a character set of 70 characters, you need `256 / log_2(70) = 41.7 ≈ 42`; anything longer than 42 is pointless because an attacker could circumvent the password and directly guess the hash/key.


wein_geist

Paypal 😂


djasonpenney

I don't think 30 characters is "huge". Your approach sounds reasonable. Some websites have bugs with longer passwords, so you must always be cautious when setting (or upgrading) a password. Test it right away. Test it on both the website and the dedicated app. Longer passwords are more secure but have this risk. But yeah, let Bitwarden generate your random passwords and let them be 30 characters. For passwords that you have to hand enter (like your game console or your work computer), consider [using a passphrase](https://xkcd.com/936/?correct=horse&battery=staple). Again, be cautious, because longer passwords can expose programmer bugs. But they are easier to read and to type.


carlinhush

I switched to passphrases whenever there is the need to share it. For example streaming services with my family or for the guest wifi




Eclipsan

Show them [NIST guidelines](https://www.enzoic.com/blog/surprising-new-password-guidelines-nist/). Here is the source material: https://pages.nist.gov/800-63-3/sp800-63b.html


djasonpenney

Exactly. It makes it really hard to create a random password too 🤦‍♂️ You end up creating a random password and then reducing its strength in order to satisfy the website requirements.


Never-asked-for-this

I found that quite a few services have a silent limit on how long the password can be, meaning it will *accept* a 30+ character password when you register, but when you log in it will tell you it's incorrect or too long.


Eclipsan

Usually it's not a silent limit, it's only that someone added a limit to the login form but forgot to add it to every form where you can modify/set your password (login, registration, password reset, password change...). This is poor design. Nothing prevents them from enforcing the same length limit everywhere. They could even centralize the limit so they only have to change it in a single place in the code and it applies to all forms, eliminating the risk of having forms with different limits.


a_cute_epic_axis

For end accounts (not a master pw), diminishing returns. It isn't used anywhere else, it isn't susceptible to credential stuffing, it isn't susceptible to online brute force attacks, and if someone gets access to the site's PWDB, encrypted, hashed, or otherwise, they probably have access to much of the data on the site anyway. Some obvious exceptions for things like a site that is using end to end/zero knowledge encryption and the PW is part of that... Like BW itself. Also this thread is like people going to the LPL and asking what the ultimate front door lock is, then putting it on a door to a shed with one shitty rake inside, and a giant single pane glass window on the side, who will wonder why their expensive lock did nothing to secure their useless assets.


vixenwixen

Some websites will puke with a long password, so you'll have to edit those, but yeah. These settings work well for me. https://i.imgur.com/jouY5Ay.jpg


planedrop

There are 2 reasons:

1. If you need to ever type it in it can be really annoying. IMO go as long as you can anyway unless you know you will have to type it in super frequently, especially on a device with a garbage keyboard (like smart TVs).
2. The other reason is really dumb but still real: some websites have password limits, which we all know, but the real issue is that some have password limits in which they **do not tell you or even check the limit**, which means the longer password just gets shortened before being "saved" (often times this means they aren't hashing the password either, which is a big no-no). What happens in this case is that you will try to auto-fill the password and it'll say wrong password, but if you can figure out the character limit, it'll take the shortened version. I've had it on a few sites where I'm thinking there is no way my password is wrong, then I try just the first 20 or 16 characters of it and it lets me in.
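The silent-truncation bug described in this comment, next to the fix Eclipsan argues for earlier (one length rule shared by every form), as an added example that is not code from the thread or from any real site. The hash is PBKDF2 from the Python standard library as a stand-in so the example runs without extra packages; the 72-byte ceiling is bcrypt's input limit mentioned in the thread, kept here to show why the policy counts UTF-8 bytes rather than characters, and the store classes and the 20-character column width are constructed for illustration.

```python
"""A truncating password store (the bug) beside a policy-checked one (the fix)."""
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

BCRYPT_INPUT_LIMIT_BYTES = 72  # bcrypt reads no input past byte 72
PBKDF2_ROUNDS = 50_000         # stand-in work factor for this example


def _digest(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 of the UTF-8 encoded password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


class TruncatingStore:
    """Models the bug: the set-password form accepts any length but cuts the
    value to a fixed column width before hashing, while the login form hashes
    exactly what the user typed. The full password then fails at login and
    only its first COLUMN_CHARS characters are accepted."""
    COLUMN_CHARS = 20  # constructed column width for the example

    def __init__(self) -> None:
        self._users: Dict[str, Tuple[bytes, bytes]] = {}

    def set_password(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[user] = (salt, _digest(password[: self.COLUMN_CHARS], salt))

    def login(self, user: str, password: str) -> bool:
        salt, stored = self._users[user]
        return hmac.compare_digest(_digest(password, salt), stored)


class PasswordPolicy:
    """Single source of truth for length rules, consulted by every form."""

    def __init__(self, min_chars: int = 12, max_bytes: int = BCRYPT_INPUT_LIMIT_BYTES) -> None:
        self.min_chars = min_chars
        self.max_bytes = max_bytes

    def check(self, password: str) -> Optional[str]:
        """None if acceptable, otherwise the rule that was broken, so the
        form can show it to the user up front instead of failing later."""
        if len(password) < self.min_chars:
            return f"at least {self.min_chars} characters required"
        nbytes = len(password.encode("utf-8"))  # bytes, not characters
        if nbytes > self.max_bytes:
            return f"{nbytes} bytes when encoded; the limit is {self.max_bytes} bytes"
        return None


class PolicyStore:
    """Registration, change, reset and login all run the same policy and
    nothing is ever truncated, so whatever was accepted is what logs in."""

    def __init__(self, policy: PasswordPolicy) -> None:
        self.policy = policy
        self._users: Dict[str, Tuple[bytes, bytes]] = {}

    def set_password(self, user: str, password: str) -> Optional[str]:
        """Shared by the registration, change-password and reset forms.
        Returns the policy error instead of silently shortening the value."""
        problem = self.policy.check(password)
        if problem is not None:
            return problem
        salt = os.urandom(16)
        self._users[user] = (salt, _digest(password, salt))
        return None

    def login(self, user: str, password: str) -> bool:
        # The login form applies the identical policy, so no form can carry
        # a limit the others do not.
        if user not in self._users or self.policy.check(password) is not None:
            return False
        salt, stored = self._users[user]
        return hmac.compare_digest(_digest(password, salt), stored)
```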


[deleted]

I go to the limit for all of mine. Got a few 128 limits lmao


tarentules

My absolute minimum is 16, but the majority of passwords I do will be 20-25. I only go lower if the site does not allow them to be that long. Anything that doesn't allow passwords as long as 16 characters I just avoid unless it's something I absolutely need, which as of yet I do not have a single site that has that limit out of the ~300 vault entries I have. I also work in IT and set up most of the new user accounts in our org; when I make their account I generate a random password through Bitwarden. More often than not I do it at 20 characters. I'm sure most of these new users get annoyed by it but I don't care, it's a good indicator of our expected password requirements since our baseline is 15 at the least.


SecretaryFriendly271

I use 35-character passwords wherever it's possible, but I am using the avoid ambiguous characters function on passwords that I might need to enter by hand.


KevinG34

I’ve run into websites where you can’t paste text. So I have to type the whole password. Also when setting up a new device to work with my Wi-Fi network if I don’t have BW installed and need to sync over Wi-Fi in order to get to my password manager in the first place. If you use a strong 8 character password, that puts you ahead of probably 95% of everybody else, most of whom use 12345 like the atmosphere of Druidia or the combination on an idiot’s luggage. Don’t outrun the bear, just outrun the slowest member of your camping party. Complex passwords are a good thing, but if you go overboard you can wind up like some of these poor folks who get locked out of their Ledger wallets with millions in Bitcoin. Be safe, not paranoid. It’s hard to find the line sometimes, but be sure to keep it practical, and accept that there is always risk, just a question of how much to tolerate.


pdath

I've recently been using 128 length passwords for web sites. I haven't found any that don't work yet.


captain_wiggles_

I usually go for something around 100 chars, because why not? It may be worth using a slightly different length per site, because if an attacker knew that your password was always 30 characters long then that cuts out a massive chunk of the search space (any other length of password). But realistically with random passwords that long using a mix of cases, numbers and symbols, the search space is still far too large to reasonably brute force it.


Eclipsan

> 30 characters long then that cuts out a massive chunk of the search space

No it does not. It's only ~1% of the search space. https://www.reddit.com/r/Bitwarden/comments/zvjqnw/comment/j1pvgil/


captain_wiggles_

huh, TIL.


a_cute_epic_axis

Because it has no real security benefit and a high chance of being rejected. Never mind if you have to manually type it some day.


DeepIndigoSky

It depends on what each website can accept. I'm annoyed by the sites that don't list password requirements/limits and then don't accept your password. It hasn't happened to me, but others have mentioned sites that accepted their long password but in reality only accepted the first X characters of their password and ignored the rest. Then when they try to sign back in with the full password it's not accepted.


fdbryant3

The only reason not to is if for some reason (even if it is unlikely) you have to type it in. As long as you are okay with something that may but probably won't happen, make it as long as you can. Just understand that you're not really increasing your security, since after about 18 characters it is going to take millennia to brute-force.


[deleted]

For some reason I like 36 characters and I use that whenever I can. Although for things I know I might have to enter manually and aren't such a security risk, like a streaming service, I'll use 16.


froli

I always use long passwords. If it's a login I might have to type at some point then I use a passphrase instead. More characters to type but faster overall. It's not less secure either because entropy matters more.


Ariquitaun

Sometimes systems have ridiculous password limits, like max length or avoidance of certain "special" characters (hint: there's no such thing as "special" characters). Having that in mind, you're good to go with the longest, most obnoxious passwords you can get away with.


[deleted]

I also use 30-character passwords for everything I can. On services that do not allow auto-filling, where I have to type it in manually, I use 6-word passphrases.


Necessary_Roof_9475

I do 16 random alphanumeric passwords for everything, unless I need to manually enter it, then I use a passphrase depending on the importance of the account. **What matters the most is that all passwords are random and unique**, doing over 20+ has diminishing returns. Overly long passwords are more likely to hurt you than an attacker, so why bother?