Strong random password generation suggestions has been an awesome feature introduced in Firefox.
Unfortunately I almost never use it because the suggestions are not strong enough by my security standards. From what I've seen Firefox suggests 15 alphanumerical passwords whereas my passwords are usuall 32 or 64 char (with special characters) unless the site doesn't allow it.
So I always need to fallback to "pwgen -nsy 32" or similar. It would be great to be able to customize it.
I looked several times in about:config for a way to do it, but either didn't find it (neither in documentation) or the feature doesn't exist.
Thus my proposal is: allow for customization in about:config for strength of suggested passwords.
Bonus: suggest several passwords, not just one (suggest one that has special characters and long, one just long, another short etc.) This was it will allow for options when picking a "strong" password for a specific site.
Bigger bonus: have a way of scraping the website and detecting the password limits and generate the strongest passwords that the specific sites allows.
Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.
I'd like to see stronger passwords also, I only use Firefox for my passwords
Thanks @alexj ! Indeed we should think of giving more control to users who wants stronger passwords. There is Bug 1650312 where we track this request.
I, too, would like the ability to control the minimum entropy of auto-generated passwords. I don't use Firefox's password generation feature because the passwords are too weak.
I would like random passwords with at least 128 bits of entropy. By my calculations, that would be 22 characters long if the character set consists of lowercase letters, capital letters, and numbers. For some accounts I prefer 256 bits of entropy, which requires 43 random characters.
32-character (128 bit) or 64-character (256 bit) random hexadecimal passwords could be easy for users to manually type on mobile, even though they use more characters, because users wouldn't need to keep hitting the shift key.