cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
alexj
Making moves
Status: New idea

Hi

Strong random password generation suggestions has been an awesome feature introduced in Firefox.

Unfortunately I almost never use it because the suggestions are not strong enough by my security standards. From what I've seen Firefox suggests 15 alphanumerical passwords whereas my passwords are usuall 32 or 64 char (with special characters) unless the site doesn't allow it.

So I always need to fallback to "pwgen -nsy 32" or similar. It would be great to be able to customize it.

I looked several times in about:config for a way to do it, but either didn't find it (neither in documentation) or the feature doesn't exist.

Thus my proposal is: allow for customization in about:config for strength of suggested passwords.

Bonus: suggest several passwords, not just one (suggest one that has special characters and long, one just long, another short etc.) This was it will allow for options when picking a "strong" password for a specific site.

Bigger bonus: have a way of scraping the website and detecting the password limits and generate the strongest passwords that the specific sites allows.

 

Thanks

5 Comments
Status changed to: New idea
Jon
Community Manager
Community Manager

Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.

Wallakh
New member

I'd like to see stronger passwords also, I only use Firefox for my passwords

Serg
Employee
Employee

Thanks @alexj ! Indeed we should think of giving more control to users who wants stronger passwords. There is Bug 1650312 where we track this request.

stoxford
New member

I, too, would like the ability to control the minimum entropy of auto-generated passwords. I don't use Firefox's password generation feature because the passwords are too weak.

I would like random passwords with at least 128 bits of entropy. By my calculations, that would be 22 characters long if the character set consists of lowercase letters, capital letters, and numbers. For some accounts I prefer 256 bits of entropy, which requires 43 random characters.

32-character (128 bit) or 64-character (256 bit) random hexadecimal passwords could be easy for users to manually type on mobile, even though they use more characters, because users wouldn't need to keep hitting the shift key.

DiscoM
New member

In 2024 now, Firefox give no options for generated password.

50% of the time the parameters for the website's requirement are not OK, so you need to edit it by hand, sometimes without seeing what you are doing because the field is password type.

Most simple users do not understand why it's not working and experienced users are annoyed by the behavior.