Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Is it possible to use exotic characters to make passwords stronger?

Question:

Microsoft Word has many hidden symbols and foreign language letters that can
be accessed by using the Alt key and three or four keypad numbers. Can these be
used to create a more difficult to crack password?

In this excerpt from
Answercast #97
I look at the added safety that may come from using bizarre and exotic characters in a password.

]]>

Exotic characters for strong passwords

Well, the short answer is yes, but the real answer is no. And let me explain why.

First let’s talk about what those characters are. You and I are used to a character set that consists of 26 letters, upper and lowercase, ten digits and then a few special characters. Usually it’s less than 128 different characters.

In reality, there are thousands and thousands of different characters. Especially when you start including languages that don’t even use the same alphabet we use. Ultimately, computers are capable of representing these. Many programs are capable of using different characters from different languages that require these kinds of obscure keystrokes, or even different keyboards.

Computer character sets

And by the way it’s not a “Word thing” it’s a Windows thing. It’s a computer thing. This isn’t restricted to Word at all.

What it really boils down to is; what software actually supports these large character sets? Word happens to be one of them.

Can you use them in passwords?

The same issue applies to the places you might need to use a password.

You will find, I think, that most online resources want your password to be letters, numbers and a few special characters. Anything outside of that range, they’re just not going to accept.

Yes, it might make for a stronger password but the fact is that most of the internet is based on those 26 letters, ten numbers, upper and lowercase and a few special characters and that’s it; that’s all they’ll support.

Make a stronger password

As it turns out, there’s a better way to make your password stronger.

That is to not use different characters, but to use more of the characters you already have available to you. By that I mean, simply, that a longer password is almost always better than a more complex password. With “enough” being longer enough.

I’ve got an article that compares the two; compares what it means to have a longer password.

I strongly recommend that. Instead of investigating these alternative characters, you simply make your password longer.

Support for exotic characters

Now, if you are in a circumstance where you know the software that is using these passwords does support these bizarre characters from different character sets – then by all means go ahead and use them. They’ll make things more secure if you can remember them, and if you can remember to type them.

Also, you will always need to be at a computer that knows how to enter those characters. That’s another thing too. If you ever try to access one of these things via say, a smartphone or a tablet or something like that, you may not have the ability to type the characters that you were able to type on your PC.

But assuming that everything is correct and it supports these characters then sure; it adds more characters to the mix and it’s unlikely to be a character that hacker is going to try in a brute force attack.

Ultimately I think, for most people, in almost every case, it’s much better to simply make a longer password with more characters than it is to try and get fancy with these kinds of techniques.

(Transcript lightly edited for readability.)

Next from Answercast 97- Am I scanning for malware too often?

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

11 comments on “Is it possible to use exotic characters to make passwords stronger?”

  1. I’ve recently been to a site that does not even accept shift characters, so unless it is on the keyboard or num-pad you are out of luck. Also, I’ve hit the ‘too long’ error message a few times over the past 12 months – some sites simply are not keeping ‘up with the times’ with regards to security.

    Reply
  2. i use Google Chrome and it has “do you want Google Chrome to remember your password?” i have one tower computer, i`m the only one who uses it, and i have remote access turned off. is it safe to let it remember my password?

    Reply
  3. Many experts are now recommending that you use a password phrase rather than a series of semi-random characters. For one thing, a phrase can be long, but still be easily remembered and easy to enter. Compare

    p1%&crz@k9*

    to the phrase

    Open the pod bay doors, Hal.

    The phrase contains upper and lower case letters, spaces AND punctuation, yet is easy to remember. Also, being a longer password, it is more difficult to crack.

    Reply
  4. to Glen:
    I have had friends lose access to accounts, simply because they let their computer remember the passwords.
    The scenario goes something like this:
    They tick the box, that says “remember my password”.
    They subsequently forget what the password is, because they don’t need to type it any more.
    Something happens to the computer, or the software (something as simple as an update, or a crash) and it “forgets” what the password is.

    Typing in the password is tedious, but it makes you remember it. And if anything happens to the machine, or you need to access online services from somewhere else, you know the password.

    Reply
  5. Yes, I’ve heard ALL the arguments about using “stronger” passwords, and some of them do have merit. But over the years, the LIKELIHOOD of yours being found out is unlikely based on one simple rule. Do not SHARE your password with another person. Simple. I’ve been using the same password on multiple sites for years and have yet to encounter a single incident of problems. What I do run into, often, is that I’m supposed to choose my “own” password, and then the site demands so many parameters that it slides into the abyss of absurdity. It MUST contain at least one letter, one digit, one cap, one “special” character and none in certain sequences, until it’s really somebody else’s password rather than mine. And every site is different in its requirements. Plus, it continually changes as new sites are added. Let me use my own password and I’ll suffer the consequences for MY choice. I shouldn’t suffer the consequences because YOUR site chooses to keep changing the parameters.

    Reply
  6. “In this excerpt from Answercast #97 I look at the added safety that may come from using bazaar and exotic characters in a password.”

    Or even bizarre characters. ;)

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.