undefined | Better HN

0 pointsderwiki5y ago0 comments

I remember reading that a somewhat-legitimate reason for blocking special characters is that it's a signal for keyloggers that the typed string might be a password. After briefly searching Google, I couldn't find anything to support that theory though.

0 comments

jakub_g5y ago

It's an interesting point, but I think when the user has a keylogger, they've already lost. I'd rather have websites disallow passwords shorter than ~10 chars which are trivially brute-force'able in case of a leak.

If special chars can be a signal for keyloggers, so are strings > 10 chars, and strings which are not all-lowercase/all-uppercase/first-capital. Basically to mislead the keylogger in this way, the user would have to use a short all-lowercase dictionary password :)

anon730445y ago

I jokingly like the idea of using utf-8 emojis in a password. They're available on nearly all phones and web browsers, common enough to not be susceptible to those sort of keyloggers and don't show up in any of the largest dictionaries/rainbow tables.

j / k navigate · click thread line to collapse

0 pointsderwiki5y ago0 comments

0 comments

jakub_g5y ago

anon730445y ago

j / k navigate · click thread line to collapse