• abhibeckert@lemmy.world
      link
      fedilink
      English
      arrow-up
      51
      ·
      edit-2
      1 year ago

      The website should feed your password straight into a well known hashing algorithm or key derivation function that has undergone a decade or more of careful scrutiny, without any other processing. The output will usually be a fixed length base64 or hex string.

      There’s a short list of about three options that are currently considered acceptable, and a few more are probably fine but are a little too easy to crack these days (e.g. anything that shares the same math as bitcoin… what if someone throws a mining datacentre at your password?)

      If the site breaks, maybe you don’t to be a customer of that service.

      • Vilian@lemmy.ca
        link
        fedilink
        English
        arrow-up
        8
        ·
        1 year ago

        make one account with emoji password to test their system, if it break, good, go create hour account somewhere else

      • lemmyvore@feddit.nl
        link
        fedilink
        English
        arrow-up
        7
        ·
        1 year ago

        It’s not the processing on the server that’s the problem. To reach the server the password needs to go through several layers of character encoding, if any of them fails the server will receive something different from what you meant. And when you try to login from another device and the layers will be different you’ll effectively be sending a different password.

        • ricecake@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          4
          ·
          1 year ago

          The same character encoding that would break emoji would break a significant portion of the words names, so if your system can’t handle it, then you deserve all the trouble that you run into.

          Unicode isn’t that hard.

          • Dark Arc@social.packetloss.gg
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            You’re not wrong, but some systems, especially smaller ones are intended for English-only situations (or originally were) so non-English language situations might not be as well tested and/or may cause things to break.

            Remember there are some sites that still refuse service if you put a " in your password. I’m not saying it’s right, but it’s a definite possibility.

          • Dark Arc@social.packetloss.gg
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            That is very much not a 90s problem. Especially if the company has a website and an app or is a small company not thinking about these things.

            In theory this shouldn’t be an issue but it definitely could be an issue on certain services.

    • Arin@kbin.social
      link
      fedilink
      arrow-up
      28
      ·
      edit-2
      1 year ago

      auth servers breaking from emojis would be hilarious, pretty sure that’s why older auth servers only allow certain symbols in passwords

    • Kusimulkku@lemm.ee
      link
      fedilink
      English
      arrow-up
      15
      ·
      1 year ago

      If some auth server breaks because I put emojis in my password then that’s right and deserved

    • viking@infosec.pub
      link
      fedilink
      English
      arrow-up
      11
      ·
      1 year ago

      Sounds like a crappy implementation of the authentication server then, and the sysadmin deserves a paddlin’ for not stripping non-UTF characters (or making sure they work).

      My problem with using emojis as part of the password would rather be that while I might be able to enter them on my personal Android phone using the exact keyboard app I have installed right now, I might find myself struggling on a desktop computer or any other phone that doesn’t have this exact keyboard installed. After all, the graphical representation of the same emoji might look different there, and there is a chance I couldn’t even recognize it.

      So if anything, I’d say use a non-UTF keyboard like Thai or Chinese, but then a standard character in that specific type. Keyboards layout can be installed across devices and are fully standardized, even if the same character looks slightly different.

      • Username@feddit.de
        link
        fedilink
        English
        arrow-up
        18
        ·
        1 year ago

        Stripping characters from passwords, great idea! Right up there with truncating passwords that are too long.

          • Username@feddit.de
            link
            fedilink
            English
            arrow-up
            11
            ·
            1 year ago

            That’s not how any of this works.

            First of all, stripping passwords is never okay. You can reject the password and let the user choose a new one, but never just modify it on your own.

            Then, if your system is at risk of code injection by certain characters in user input, please just shut it down and never turn it on again.

          • ricecake@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            6
            ·
            1 year ago

            Doing that is actually a great way to tell attackers that you’re vulnerable to that type of attack.

            Bypassing those front end restrictions is super easy, and the attackers don’t need an account or a password to attack you.

            It’s like putting a sign that says “lock fragile; don’t tug” on the door to your business.

            • Dark Arc@social.packetloss.gg
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              It’s like putting a sign that says “lock fragile; don’t tug” on the door to your business.

              That one made me chuckle, it really do be like that 😂

      • kuneho@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        also some OSKs put whitespaces after inserting an emoji, some doesn’t. there’s no unified emoji input method yet.

      • lolcatnip@reddthat.com
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        There’s no such thing as a non-UTF8 character. You mean non-UTF8 bytes? If a system sees those, it should reject the entire input, not try to patch it up.

    • 50gp@kbin.social
      link
      fedilink
      arrow-up
      6
      ·
      edit-2
      1 year ago

      and there are many trash implementations that dont recognise something like :emoticon: as shortcut and turn it into emoji, no no you have to use emoji keyboard to type them

    • lolcatnip@reddthat.com
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      OTOH, there is only one character set that matters, and any system using a different one is, by that fact alone, broken.

      • Funwayguy@lemmy.world
        link
        fedilink
        English
        arrow-up
        25
        ·
        1 year ago

        Hahaha, I wish.

        You would be amazed at how ancient and poorly maintained many web servers are on the modern internet. SQL injection still consistently make the top 3 web app vulnerabilities as of 2021. If that isn’t being sanitized properly I don’t expect emojis would be handled much better.

      • jordanlund@lemmy.world
        link
        fedilink
        English
        arrow-up
        7
        ·
        edit-2
        1 year ago

        For that particular bug, yes, but there have been many other variations on that theme and not limited to Apple tech. I’ve seen it nuke an email send for example because the SMTP server choked on emojis placed in a subject, to, or from line.

        • Jolteon@lemmy.zip
          link
          fedilink
          English
          arrow-up
          4
          ·
          1 year ago

          But why wouldn’t it make sense to need to pull the cab off of a pickup truck to change the spark plugs?

        • El Barto@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          That’s true for all car designers. You’re referring to the shitty designers, though.

          Architects don’t get involved in the actual construction of a building either.

          • Echo Dot@feddit.uk
            link
            fedilink
            English
            arrow-up
            6
            ·
            edit-2
            1 year ago

            Oh they do. They come to tell you that the safety protocols you’ve implemented are interfering with their design.

            They’d prefer it if it looked pretty and then just fell down and light breeze thank you very much

    • Cavemanfreak@lemm.ee
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      All the apps I’ve used recently use QR codes (or similar measures, like a sync code) that has you log in from the phone, so it should work anyway!

      • kratoz29@lemm.ee
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        But not all apps, sadly, I just experimented it with Crunchyroll, and saw my dad struggling with a crappy app called Vix yesterday.

      • Echo Dot@feddit.uk
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        In my experience the only one that works with any degree of reliability is YouTube. Even the Netflix one can be fairly intermittent.

        Also a lot in the time you’ll go away and the hotel you’re in will have a smart TV and the software was last updated in 2011 so you have to sign in on the device.

      • lolcatnip@reddthat.com
        link
        fedilink
        English
        arrow-up
        6
        ·
        edit-2
        1 year ago

        I’ve had to manually type in passwords on a TV several times in the last few months because sometimes the login for even the biggest brand-name services is just broken.

  • Dizzy Devil Ducky@lemm.ee
    link
    fedilink
    English
    arrow-up
    62
    ·
    1 year ago

    I’d rather staple my forehead to a telephone pole before I ever think about using an emoji in a password. Those things are abominations!

    • snek_boi@lemmy.ml
      link
      fedilink
      English
      arrow-up
      24
      ·
      edit-2
      1 year ago

      Out of curiosity, what makes you say so?

      Edit: Oh. Did a “Wooosh” happen to me right now? Are you being ironic and referring to the XKCD thing about how to make a secure password using words in phrases?

      • El Barto@lemmy.world
        link
        fedilink
        English
        arrow-up
        15
        ·
        1 year ago

        I think OP is conflating the use of emojis in passwords with the use of emojis by the general public.

        Yes, it’s annoying to read stuff like “Hi 😃😃😃😃 I am Bob ♥️♥️♥️😎😎😎😎,” but that doesn’t mean that using them in passwords is a bad idea.

        • xor@lemmy.blahaj.zone
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          Or that “hi 😊 I’m Bob” doesn’t express a (subtly) different meaning to “hi, I’m Bob”

        • Valmond@lemmy.mindoki.com
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          Well they have to be the same on different devices, like you log in to Lemmy on your PC and then on your phone. Also sometimes it seems the icons change, or there are new ones and maybe old ones are removed …

          • El Barto@lemmy.world
            link
            fedilink
            English
            arrow-up
            14
            ·
            1 year ago

            Emojis are standardized. They may look different in different devices, but the code of a “raised hands” emoji will always be the same, just like the code for A is always the same.

            Removing old ones could be a problem, though.

            • Corkyskog@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              5
              ·
              1 year ago

              What if I am using a device that doesn’t support emojis? wouldn’t I need to learn the code for each emoji I have used in a password?

              • El Barto@lemmy.world
                link
                fedilink
                English
                arrow-up
                5
                ·
                1 year ago

                That’s a good question, and yeah, I guess you’d either avoid using emojis or accept the fact that they’re not universally supported.

                Having said that, some people use non-ascii characters in their passwords, such as Œ which is a valid letter in some alphabets, and they’d run onto the same issue.

              • Honytawk@lemmy.zip
                link
                fedilink
                English
                arrow-up
                3
                ·
                1 year ago

                Yes

                But how many modern devices don’t somehow support emojis though?

                And how many of those you need to enter a password in?

            • Droechai@lemm.ee
              link
              fedilink
              English
              arrow-up
              3
              ·
              edit-2
              1 year ago

              Just like a gun is standardized to a water gun for some and a real gun for others?

              Edit: I get your point, ita just if you memorize your password with emoji icons different icons would screw up your tries to log in

              • El Barto@lemmy.world
                link
                fedilink
                English
                arrow-up
                5
                ·
                1 year ago

                If you search for “gun” in your device when selecting an emoji, just pick whatever comes up. Done.

    • Echo Dot@feddit.uk
      link
      fedilink
      English
      arrow-up
      15
      ·
      edit-2
      1 year ago

      Security experts don’t actually have to work on corporate IT systems.

      So you’ve set your password to contain a 😇 have you?
      Ok so how are you going to type it on this desktop computer keyboard here…
      Yeah I thought not.

      I’ll just go reset your password shall I?

        • Echo Dot@feddit.uk
          link
          fedilink
          English
          arrow-up
          6
          ·
          1 year ago

          I’ll let you be in charge of teaching them that. I literally had to talk someone through how to type an exclamation mark today, I don’t think they’re going to handle the extended Unicode character set.

  • kromem@lemmy.world
    link
    fedilink
    English
    arrow-up
    54
    ·
    1 year ago

    No. There’s only one piece of advice that should be given to users in 2023 about how to make their passwords stronger:

    Use a password manager

    Just use 32 character random alphanumeric passwords that are unique for each site (you can do more like 12-16 characters if you’ll ever need to enter manually).

    This is it. Stop trying to create clever passwords that you can remember. You aren’t as uniquely creative as you think and there’s been bodies of research into how the various things people do to create passwords that look secure can reduce the generation space so much that they become considerably easier to crack with an intelligent algorithm.

    Test your ability to be unpredictable

    • shucks@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      I got it to a stable 54% by using an

      algorithm

      typing f or d for consonants and vowels respectively in sentences I thought up, switching languages regularly,

      and a stable 56% by just typing randomly and adjusting my patterns based on the colored output, which might have skewed my results. Certainly a very cool tool, I also liked the explanation linked on the page!

    • vamputer@infosec.pub
      link
      fedilink
      English
      arrow-up
      19
      ·
      edit-2
      1 year ago

      I like doing entire phrases with some rhymes thrown in. Makes it easier to remember them.

      “BonyTonyMoansHe’sOnlyGrownLonely” has a shitload of characters, and a full sentence (even a nonsensical one like that) is more memorable to me than a random handful of disparate words.

      The more ridiculous, the better. (And, naturally, don’t forget your numbers and symbols)

      EDIT: Actually, no idea why I made it all one group of words. So long as spaces are in the password’s character space (and they very well should be if friggin’ emojis are), there’s nothing stopping you from doing an entire, punctuated sentence- other than that we’ve been conditioned not to think of a password that way.

      “Skinny Kenny’s friend, Mini Ben, has 20 chins.” That should be a fully-acceptable password with 46 characters (48 if you add the quotes), capital letters, numbers, and special characters.

      • scinde@discuss.tchncs.de
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        You can’t compare a 46 random character password to a password composed out of words, the entropy of each is very different. Your kind of password is vulnerable to dictionary attacks which are way more common and easy than brute forcing every possibility. A 50+ characters unique random password for each service that is stored in a password manager which is encrypted with a 20+ characters random password is the most secure and future proof (for now).

        • Aatube@kbin.social
          link
          fedilink
          arrow-up
          4
          ·
          edit-2
          1 year ago

          If the attacker doesn’t know that you’re using a dictionary password, then dictionary attacks probably won’t be their first choice. I want to remember these passwords across devices and on guests.

          • scinde@discuss.tchncs.de
            link
            fedilink
            English
            arrow-up
            5
            ·
            1 year ago

            Like someone else said on this thread; that’s just security by obscurity, which is bad. Dictionary attacks will be one of the first (brute force related) attacks attackers will use because word passwords are incredibly popular (though admittedly of fewer words: VeryBigDog34 etc…), and relatively easy to do. I agree that having the password across different devices is somewhat of a challenge with a password manager, but not impossible. My very long and complex password is all down to muscle memory by this point, I couldn’t tell you what it is from memory.

            Also you shouldn’t use the same password on multiple things and if you don’t use a password manager you will need to memorize a lot of different passwords.

        • ferret@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Dictionary attacks aren’t some magic bullet. There are a lot of english words and just four of them IS comparable in cracking difficult to a standard 8-char password that is as random as you can make it. There are a lot more words than there are symbols. Four words is obviously not as good as 46 totally random chars

          • scinde@discuss.tchncs.de
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            Dictionary attacks are definitely not a magic bullet, they require a lot of processing power, just like any other brute-force attack, but not more because of their longer length, as has been implied.

            True, there are a lot of english words, but the amount of common words is relatively small. Most people aren’t going to choose a password like “MachicolationRemonstranceCircumambulationSchadenfreude”, even if it were generated for them (which is unlikely).

            Sure, it is comparable to a standard 8 characters passward, but even that kind of password is verging on the insecure (it is the absolute minimum, which should be avoided when possible).

            There are also a lot of symbols when you count emojies and the entire Unicode standard.

      • notapantsday@feddit.de
        link
        fedilink
        English
        arrow-up
        20
        ·
        1 year ago

        The whole idea is to make it easier for humans to remember and more difficult to brute force. Long passwords are much harder to brute force than complex passwords with lots of special characters. And they’re a lot easier for humans to remember.

        There are enough words in any language that it’s virtually impossible to guess the correct four words, even if they’re in the dictionary.

        • JohnEdwa@sopuli.xyz
          link
          fedilink
          English
          arrow-up
          7
          ·
          1 year ago

          Even so, most password requirements will force you to add them anyway. Quick way to do it is to just pick a number on a keyboard and add it and the symbol to the end. e.g HorseBattery2# and so on.

          • Jesus_666@feddit.de
            link
            fedilink
            English
            arrow-up
            9
            ·
            1 year ago

            And requirements like that are why my password strengths are completely out of whack:

            • Random websites get 24 randomly generated printable characters stored in my password manager. This is essentially unbreakable with conventional methods and can easily be adapted to fit whichever counterproductive rules the website enforces.
            • My password manager and my home computers get memorable but long phrases. A particular favorite is to start in the middle of a line from a song and continue from there. Nobody’s going to guess “make you swear and curse when you′re chewing on” but it’s easy to memorize of you already know the song. Even a dictionary attack is going to have trouble with that many words.
            • My work accounts get the bare minimum that complies with whichever rules the admins came up with. Numbers, special characters and mixed capitalization? No thirty letter phrase for you, then; you’ll get the minimum eight characters so I have a chance of memorizing the thing. Regular password changes? Great, now the last two chargers are going to be incrementing digits, just like for everyone else.

            There’s a reason why experts these days argue against anything but minimum length restrictions.

          • ゴン太@mander.xyz
            link
            fedilink
            English
            arrow-up
            3
            ·
            1 year ago

            You can even make a complete sentence that makes sense with symbols and numbers.

            “Ronaldo doesn’t grill 76 Canadian Tacos.”

            Or whatever

      • djdadi@lemmy.world
        link
        fedilink
        English
        arrow-up
        8
        ·
        1 year ago

        Not 4 of them in a row. Keep in mind the attacker doesn’t know " look for exactly 4 words"

        • Killing_Spark@feddit.de
          link
          fedilink
          English
          arrow-up
          5
          ·
          1 year ago

          That’s just security by obscurity. It’s one other strategy of choosing passwords that a bruteforce attack is going to try if it gets popular

          • lolcatnip@reddthat.com
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            That’s not what security by obscurity means. And going by your definition, all passwords are security by obscurity.

            • Killing_Spark@feddit.de
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              If your strategy is to just use dictionary words your password will have little entropy and even less so if you use grammatically correct sentences. If the attacker knows this is your strategy of choosing passwords cracking one is way easier than cracking a password that has the same length but consists of randomly chosen characters.

              Your password is only safe because the attacker doesn’t know your strategy of choosing the password which forces him to use inefficient methods of cracking it, while there would be a more efficient way if he knew the strategy you used. Which is security by obscurity.

    • Lupec@lemm.ee
      link
      fedilink
      English
      arrow-up
      11
      ·
      1 year ago

      I love it, Bitwarden has supported generating passphrase style passwords for a while and it’s basically that. It’s my go-to these days.

      • El Barto@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        ·
        edit-2
        1 year ago

        Got a source on that?

        Edit: plus brute forcing is just one scenario. I think the xkcd comic refers to using passwords in online services, and those usually have some sort of rate limiting.

    • Ookami38@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      8
      ·
      1 year ago

      I prefer picking a sentence or so that has meaning to me, using the first letters, and then adjusting for numbers/symbols. So if I wanted to make that a pw, it’d be 1ppa505thm2m,utfl,atafn/5. -looks completely unintelligible, but as long as you can remember the sentence and have some ideas of how you would have encoded it, easy enough to remember/recreate.

          • lemmyvore@feddit.nl
            link
            fedilink
            English
            arrow-up
            3
            ·
            edit-2
            1 year ago

            If you’re using a password manager you don’t need phrases you can remember, you can generate even more secure passwords. Or start using passkeys.

          • noodlejetski@lemm.ee
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            I am, and I’m not jumping through hoops of making up a password sentence for every new website. I let Bitwarden take care of that for me.

            • Ookami38@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              2
              ·
              1 year ago

              Just use these methods for the pws you either need to know (like your password manager) or don’t want stored for whatever reason, like your bank. Otherwise, yeah, just let your password manager generate a password for whatever site.

              • Aatube@kbin.social
                link
                fedilink
                arrow-up
                1
                ·
                1 year ago

                Guest machines too. And I sorta prefer whichever browser/OS I’m using’s implementation because they’re usually styled similarly.

        • Ookami38@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          1 year ago

          It’s as easy to remember a bunch of those as it is remembering 4 random words with no association, I think. And besides, just use that for the big, important, pws like your pw manager.

    • fosstulate@iusearchlinux.fyi
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      Two of my colleagues still use locally stored plaintext for individual work credentials, despite having been shown where the password manager is. Both have accessed their files in front of me. If it’s not in those files it’s saved in the browser (because convenience is a hell of a drug). Now you start to see why discrete managers have a hard time, even amongst technology workers.

    • Polar@lemmy.ca
      link
      fedilink
      English
      arrow-up
      30
      ·
      edit-2
      1 year ago

      Antisocial people.

      It was the same on Reddit. All of the people who despised emojis were often posting in really cringe and incel related subs.

      My use of emojis sky rocketed after I started dating. They are fun and convey emotion really well.

      • Honytawk@lemmy.zip
        link
        fedilink
        English
        arrow-up
        11
        ·
        1 year ago

        I’m convinced emojis are what has been missing from language for a long time. They are great way to portray emotions through texts, which otherwise could not be achieved.

        This way there is a difference between:

        “You are so amazing 😁👍”

        and

        "You are so amazing 🙄 "

        • mbp@lemmy.sdf.org
          link
          fedilink
          English
          arrow-up
          5
          ·
          1 year ago

          If I’m going to be relaying through to people strictly over text as much as I do these days, I better have a way to articulate it with the right emotional range to match my sparkling personality ✨

    • pewgar_seemsimandroid@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      19
      ·
      1 year ago

      💀💀💀💀💀💀💀🗿🗿🗿🗿🗿🗿🗿🚣👍👍👍👍👍👍🔥🔥🔥🔥🔥🔥🔥 sigma

      the emojis and text above are a part of the reason

    • xthexder@l.sw0.com
      link
      fedilink
      English
      arrow-up
      18
      ·
      1 year ago

      Back in my day we only had 95 printable characters, and that’s the way we liked it! /s

    • ArxCyberwolf@lemmy.ca
      link
      fedilink
      English
      arrow-up
      18
      ·
      1 year ago

      People who use them tend to spam the hell out of them. Like, 8 of the same emoji. And they use them every other sentence. It’s obnoxious, you only need one or two to get the point across.

    • schnurrito@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      They didn’t exist yet when I was an early teenager, all we had were emoticons that might be replaced by images by the forum software, so of course I think they’re stupid /s

      Without sarcasm, it is a good thing we have standardized symbols now and don’t have to implement emoticon replacement into forum or chat or social media software. If only because half of such implementations replaced any occurrence of the number 8 followed by a closing parenthesis with 😎 even when that wasn’t the intended meaning (one can think of many other times one would end a parenthetical statement with the number 8).

  • BrianTheeBiscuiteer@lemmy.world
    link
    fedilink
    English
    arrow-up
    33
    ·
    1 year ago

    Sounds great where it works but I’m sure most systems would reject an emoji or make you type out some overly complex password in addition to your emoji.

    • Toribor@corndog.social
      link
      fedilink
      English
      arrow-up
      15
      ·
      1 year ago

      Honestly you’d be surprised how many places it just works magically. I was surprised to find that Office365 users could use emojis in names for Microsoft Teams which had no problem syncing those accounts back to an on-prem Active Directory. You can use emojis to name a whole SQL database, let alone users/passwords on it.

      I keep wondering if I need to figure out how to turn that off but it hasn’t caused any problems. It’s definitely sketchy looking though when you see a bunch of normal usernames and then suddenly one is just ten snowman emojis in a row.

      • Honytawk@lemmy.zip
        link
        fedilink
        English
        arrow-up
        9
        ·
        1 year ago

        Emojis are just a string of special characters that get recognised and replaced by an image anyway. It is the same as using those special characters separately.

    • Echo Dot@feddit.uk
      link
      fedilink
      English
      arrow-up
      10
      ·
      1 year ago

      It’s all just Unicode so in theory a password system shouldn’t think that emoji or any more interesting than any other character. To a computer the letter B and the emoji ✈️ equivalent in that they’re both just normal characters that one can type.

      Sort of, emoji are usually treated as two or more normal characters so ✈️ might be equivalent to BB. But the basic point is the same.

    • Dark Arc@social.packetloss.gg
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      It should work reasonably well in password systems that hash the password from a UTF-8 encoding… Which should be most things really. If the system is trying to process everything with ASCII, maybe not. It might even appear to work but get converted to some other character (which is kind of the worst case)… That should be rare in web applications though

  • Treczoks@lemm.ee
    link
    fedilink
    English
    arrow-up
    19
    ·
    1 year ago

    Completely useless from many sources where I have to rely on a keyboard for entering passwords.