The Bitwarden Blog

How to use the Bitwarden Passphrase Generator

authored by:Bitwarden
published :
  1. Blog
  2. How to use the Bitwarden Passphrase Generator

You use password managers for several reasons. First, you don't want to have to memorize the vast number of passwords required for all the apps and services you log into throughout the day. Another very important reason you use a password manager is to be able to work with very strong passwords. So, instead of password123, you could have your password manager generate i8bjKgvpxeFpkTA and use it for whatever account you're planning on saving to the vault.

That randomly-generated password is exponentially more secure than password123. Even if you're not using password123, according to a recent global survey, 36% of people use personal information such as their birthday, pet’s name, favorite band in their passwords - information that can easily be found online and cracked with a bit of social engineering. But that i8bjKgvpxeFpkTA password is strong and poses a serious challenge to would-be hackers.

Bitwarden has another trick up its sleeve: passphrases. Instead of a random string of characters, Bitwarden can generate a group of randomly selected words to be used in place of a password. So, instead of i8bjKgvpxeFpkTA, Bitwarden could generate imitate-sanctity-idly-gas, which is certainly easier to remember than i8bjKgvpxeFpkTA. At the same time, those passphrases can be just as challenging to crack as the strong passwords Bitwarden generates, because passphrases use a larger alphabet than typical passwords. And, since most services allow longer passwords to be used, you can opt to go the passphrase route instead of a random string of characters.

You might also like: Picking the right password for your password manager

As CISA notes, "When we use a password manager, we only need to remember one strong password—the one for the password manager itself. (Tip: Create a memorable long “passphrase” as described above.)" Both NIST and CISA recommend passphrases over passwords in cases where a user needs to memorize the credential, for instance, when creating the master password for your password manager:

"Passphrases leverage things that we know are paired, like the letters in a word. Our brains are so good at recognizing groups of letters that form words that we don't even process the letters individually. If you look at the word 'apple,' you don't say to yourself, 'A-p-p-l-e, oh that's apple!' Your brain simply recognizes the word as a single image and converts it into a real-life image of the thing it represents."

When it comes to the length of your passphrase, longer is naturally more secure. CISA recommends creating "a memorable phrase of 4 – 7 unrelated words." The important thing is to choose words that have meaning only to you - for example, avoid stringing together the names of your children - and instead choose "a handful of normal words or phrases...as long as whatever associates those words in your mind are known only to you." (NIST)

But how do you use the Bitwarden passphrase generator? If you're already familiar with the password generator, it's quite simple.

What you'll need

The only thing you'll need is a Bitwarden account (either free or paid). You can use the passphrase generator from the desktop app, mobile app, or web vault. This blog will demonstrate how to use the tool with the desktop application, but the process is similar, regardless of which version you are using.

Let's create your first passphrase.

Creating a passphrase

There are two ways you can create a passphrase: from the Generator tool or from within the vault item creation pop-up. The process is the same for each method. 

Open the Bitwarden app and create a new vault item. Fill out the information as you normally would and click the icon (two circular arrows - Figure 1) to open the password creation pop-up.

Figure 1

Creating a new vault item in Bitwarden.

Creating a new vault item in Bitwarden.

In the next window, click to expand Options and select Passphrase from the list (Figure 2). 

Figure 2

With Options expanded, you can then select Passphrase.

With Options expanded, you can then select Passphrase.

In the second block, you can configure your passphrase to include a specific number of words, what you want to use as your word separator, whether or not to capitalize the first letter in each word, and if you want to include a number. You can opt to use as many words as you want, but keep in mind any limitations placed on the service or app for which you are creating credentials. 

One thing to keep in mind is that every time you change an option, the passphrase will also change. 

When the passphrase is exactly how you want it, click the checkmark to add it to your vault entry. The capitalization and number options can make the passphrase even more challenging for those who would want to break into your accounts.

And that's all there is to using the Bitwarden passphrase generator. This is a great option when you want very strong credentials for an account but you might also want to be able to memorize the login for easier usage.

Get started with Bitwarden

Ready to level up your security with Bitwarden? Sign up for a free Bitwarden account, or keep your team and company colleagues safe online by starting a 7-day free trial of our business plans.