Helping people with computers... one answer at a time.

Exotic characters can make strong passwords... if the password field accepts them, and if you can type them in. There is a better way to get a stronger password.

Microsoft Word has many hidden symbols and foreign language letters that can be accessed by using the Alt key and three or four keypad numbers. Can these be used to create a more difficult to crack password?

In this excerpt from Answercast #97 I look at the added safety that may come from using bizarre and exotic characters in a password.

Exotic characters for strong passwords

Well, the short answer is yes, but the real answer is no. And let me explain why.

First let's talk about what those characters are. You and I are used to a character set that consists of 26 letters, upper and lowercase, ten digits and then a few special characters. Usually it's less than 128 different characters.

In reality, there are thousands and thousands of different characters. Especially when you start including languages that don't even use the same alphabet we use. Ultimately, computers are capable of representing these. Many programs are capable of using different characters from different languages that require these kinds of obscure keystrokes, or even different keyboards.

Computer character sets

And by the way it's not a "Word thing" it's a Windows thing. It's a computer thing. This isn't restricted to Word at all.

What it really boils down to is; what software actually supports these large character sets? Word happens to be one of them.

Can you use them in passwords?

The same issue applies to the places you might need to use a password.

You will find, I think, that most online resources want your password to be letters, numbers and a few special characters. Anything outside of that range, they're just not going to accept.

Yes, it might make for a stronger password but the fact is that most of the internet is based on those 26 letters, ten numbers, upper and lowercase and a few special characters and that's it; that's all they'll support.

Make a stronger password

As it turns out, there's a better way to make your password stronger.

That is to not use different characters, but to use more of the characters you already have available to you. By that I mean, simply, that a longer password is almost always better than a more complex password. With "enough" being longer enough.

I've got an article that compares the two; compares what it means to have a longer password.

I strongly recommend that. Instead of investigating these alternative characters, you simply make your password longer.

Support for exotic characters

Now, if you are in a circumstance where you know the software that is using these passwords does support these bizarre characters from different character sets - then by all means go ahead and use them. They'll make things more secure if you can remember them, and if you can remember to type them.

Also, you will always need to be at a computer that knows how to enter those characters. That's another thing too. If you ever try to access one of these things via say, a smartphone or a tablet or something like that, you may not have the ability to type the characters that you were able to type on your PC.

But assuming that everything is correct and it supports these characters then sure; it adds more characters to the mix and it's unlikely to be a character that hacker is going to try in a brute force attack.

Ultimately I think, for most people, in almost every case, it's much better to simply make a longer password with more characters than it is to try and get fancy with these kinds of techniques.

(Transcript lightly edited for readability.)

Next from Answercast 97- Am I scanning for malware too often?

Article C6340 - March 8, 2013 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

9 Comments
Bob
March 11, 2013 9:51 AM

I've recently been to a site that does not even accept shift characters, so unless it is on the keyboard or num-pad you are out of luck. Also, I've hit the 'too long' error message a few times over the past 12 months - some sites simply are not keeping 'up with the times' with regards to security.

Glen
March 12, 2013 9:28 AM

i use Google Chrome and it has "do you want Google Chrome to remember your password?" i have one tower computer, i`m the only one who uses it, and i have remote access turned off. is it safe to let it remember my password?

Reverend Jim
March 12, 2013 9:35 AM

Many experts are now recommending that you use a password phrase rather than a series of semi-random characters. For one thing, a phrase can be long, but still be easily remembered and easy to enter. Compare

p1%&crz@k9*

to the phrase

Open the pod bay doors, Hal.

The phrase contains upper and lower case letters, spaces AND punctuation, yet is easy to remember. Also, being a longer password, it is more difficult to crack.

Bob
March 12, 2013 9:35 AM

to Glen:
I have had friends lose access to accounts, simply because they let their computer remember the passwords.
The scenario goes something like this:
They tick the box, that says "remember my password".
They subsequently forget what the password is, because they don't need to type it any more.
Something happens to the computer, or the software (something as simple as an update, or a crash) and it "forgets" what the password is.

Typing in the password is tedious, but it makes you remember it. And if anything happens to the machine, or you need to access online services from somewhere else, you know the password.

Texas Mike
March 12, 2013 11:27 AM

Yes, I've heard ALL the arguments about using "stronger" passwords, and some of them do have merit. But over the years, the LIKELIHOOD of yours being found out is unlikely based on one simple rule. Do not SHARE your password with another person. Simple. I've been using the same password on multiple sites for years and have yet to encounter a single incident of problems. What I do run into, often, is that I'm supposed to choose my "own" password, and then the site demands so many parameters that it slides into the abyss of absurdity. It MUST contain at least one letter, one digit, one cap, one "special" character and none in certain sequences, until it's really somebody else's password rather than mine. And every site is different in its requirements. Plus, it continually changes as new sites are added. Let me use my own password and I'll suffer the consequences for MY choice. I shouldn't suffer the consequences because YOUR site chooses to keep changing the parameters.

connie
March 12, 2013 1:42 PM

@Glen,
Here's a good article from Leo on letting your browser remember passwords:
Is it safe to let my browser remember passwords?

198kHz
March 13, 2013 1:39 AM

"In this excerpt from Answercast #97 I look at the added safety that may come from using bazaar and exotic characters in a password."

Or even bizarre characters. ;)

Mark J
March 13, 2013 11:54 AM

@198kHz
Good catch. I fixed it.

Mark J
March 13, 2013 12:43 PM

@Reverend Jim
"Open the pod bay doors, Hal." is a known phrase that might be programmed into a dictionary attack bot. I'd recommend something more of a nonsense nature that only makes sense to you.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.