SmartPasswords extension accepted by Bitwarden team
Our SmartPasswords extension was accepted by the Bitwarden team! The feature will be merged into the product after a process of code review, benefitting millions of users.
The new feature, Smart Passwords, developed in the context of João Campos’s MSc thesis, reads the passwordrules attribute of an input field in a form. This attribute contains the password policy specified by the website, making it easier for the generator to produce compliant passwords.
To specify the policy annotations (i.e., password rules), the extension uses a language developed by Apple. It also uses a new npm package developed by our team, based on Apple’s own parser and adapted to TypeScript (@passcert/pwrules-annotations).
For example, the specification
passwordrules="required: upper; required: lower; required:digit; required: special; minlength: 10;"
specifies a password that must have at least 10 characters, with at least one lowercase letter, one uppercase letter, one digit, and one symbol. Since all character classes are required, the character-class checkboxes are disabled, and the fields for the minimum number of digits and symbols are also disabled, because changing these values would generate a non-compliant password. The minimum length of the password is also capped at 10.
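The following added example (not the extension's code and not the @passcert/pwrules-annotations API) shows how a generator can honor the rule string above: it parses only the required and minlength properties, raises any shorter requested length to the policy minimum, and guarantees one character from each required class. The function names, the symbol set, and the use of Node's crypto.randomInt are assumptions made for illustration.

```typescript
import { randomInt } from "crypto"; // Node.js CSPRNG (assumption: run under Node)
// Character classes named in the page's example. The symbol set is constructed.
const CLASSES: Record<string, string> = {
  upper: "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
  lower: "abcdefghijklmnopqrstuvwxyz",
  digit: "0123456789",
  special: "!@#$%^&*-_=+?",
};

interface Policy { required: string[]; minLength: number; }
// Parses only "required" and "minlength"; not the full passwordrules grammar.
function parseRules(attr: string): Policy {
  const policy: Policy = { required: [], minLength: 0 };
  for (const rule of attr.split(";")) {
    const sep = rule.indexOf(":");
    if (sep < 0) continue;
    const name = rule.slice(0, sep).trim().toLowerCase();
    const value = rule.slice(sep + 1).trim().toLowerCase();
    const known = Object.prototype.hasOwnProperty.call(CLASSES, value);
    if (name === "required" && known && policy.required.indexOf(value) < 0) {
      policy.required.push(value);
    } else if (name === "minlength" && /^\d+$/.test(value)) {
      policy.minLength = Math.max(policy.minLength, Number(value));
    }
  }
  return policy;
}

const pick = (chars: string): string => chars.charAt(randomInt(chars.length));

// One character per required class, fill from the allowed pool, then shuffle.
function generate(policy: Policy, length: number): string {
  const n = Math.max(length, policy.minLength, policy.required.length);
  const allowed = policy.required.length ? policy.required : Object.keys(CLASSES);
  const pool = allowed.map((c) => CLASSES[c]).join("");
  const out = policy.required.map((c) => pick(CLASSES[c]));
  while (out.length < n) out.push(pick(pool));
  for (let i = out.length - 1; i > 0; i--) { // Fisher-Yates shuffle
    const j = randomInt(i + 1);
    [out[i], out[j]] = [out[j], out[i]];
  }
  return out.join("");
}

// Independent check that a password meets the parsed policy.
function complies(pw: string, policy: Policy): boolean {
  const has = (c: string) => pw.split("").some((ch) => CLASSES[c].indexOf(ch) >= 0);
  return pw.length >= policy.minLength && policy.required.every(has);
}
```

Without the per-class guarantee, a 10-character password drawn uniformly from the combined pool would occasionally miss a required class and be rejected by the website.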
Related publications
- Verified Password Generation from Password Composition Policies, Miguel Grilo, João Campos, João F. Ferreira, José Bacelar Almeida and Alexandra Mendes
- SmartPasswords: Increasing Password Managers' Usability by Generating Compliant Passwords, João Campos’s MSc thesis