1650312 - User adjustable length (and adjustable range) of generated secure password

Status: UNCONFIRMED

(Toolkit :: Password Manager, enhancement, P3)

Description

[GregZ]

User Agent: Mozilla/5.0 (Windows NT 6.1; rv:77.0) Gecko/20100101 Firefox/77.0

Steps to reproduce:

Firefox generating secure passwords is great!
But I would love to be able to set it to a way longer string.
Something even more secure would be if the user could set a range for the length of the automatically generated secure password, because using a fixed number of password characters is considered a risk because attackers know the exact length they have to brute force attack. This is currently a problem!!

Comment 1

[:Gijs (he/him)]

Not an exploitable issue that needs to be kept hidden.

Comment 2

[:severin Rudie]

Hey :GregZ, thanks for filing! There are two sub-issues here I'd like to address separately.

The first is "can we add a way to customize generated passwords?" This is something we've talked about on the team, and it also fixes some other problems (e.g., letting you meet a sites nonstandard password requirements), but it has some drawbacks too. There's are also a number of addons that provide this functionality so a good workaround exists (this might be something you should look into). Our big worry here is that the UI would need to be fairly large and complex, and the value add needs to be weighed against the number of people it might scare away from the feature. I think it's important that everyone uses a password manager, so that's something we have to worry about.

Your second point is "all passwords being the same length reduces PW entropy." This is true, and a good callout, but our password generation algorithm currently provides 87 bits of entropy. This is on top of the fact that each password is associated with only one domain, so this should be enough to feel comfortably secure. But if you want more, those addons I mentioned earlier are still a good solution.

If you're curious, this is the security review that was done on our password generation: https://docs.google.com/document/d/1ox3w8bRDE-x3LxGQbFT3N6SAiIBBdFbmVsv06JlybSI/edit#, and a discussion on Chrome's PWs (the 69+ implementation is different but similar to ours) https://security.stackexchange.com/questions/190796/chrome-generated-passwords-not-high-entropy/190817#190817

TL;DR: we're thinking about this feature but haven't made up our minds on the cost/benefit yet, and don't see the current implementation as a security risk.

Comment 3

[GregZ]

Hi Severin Rudie,
Thank you for your very detailed reply.

1. In my mind the existing feature - while fantastically useful - feels incomplete without any possibility for advanced users to adjust basic settings.

2. I don't want to use a 3rd party password manager because most sync online and I don't want that. The best option for me is to use the Firefox built in password manager and its generator feature.

3. The UI would be in the OPTIONS menu - definitely not in the popup window. Novice users wouldn't even know about it but advanced users could just open the OPTIONS menu and set the password generation parameters to their liking. In the meantime parameters in the about:config would work as well.

4. I understand that it provides 87 bits of entropy and that it has passed the security audit with flying colours but turning security up to 110% never hurts. And in my mind being able to set the range for a generated password with a random seed would just make me sleep a bit better if you know what I mean. Of course not allowing the user to set it below a minimum.

Thank you for keeping this improvement in mind.
I hope it will get implemented in the near future.