It turns out that emoticons are considered a symbol, so they can beef up your passwords and make them more secure in combination with letters and numbers. Here’s how.
Sounds great where it works but I’m sure most systems would reject an emoji or make you type out some overly complex password in addition to your emoji.
Honestly you’d be surprised how many places it just works magically. I was surprised to find that Office365 users could use emojis in names for Microsoft Teams which had no problem syncing those accounts back to an on-prem Active Directory. You can use emojis to name a whole SQL database, let alone users/passwords on it.
I keep wondering if I need to figure out how to turn that off but it hasn’t caused any problems. It’s definitely sketchy looking though when you see a bunch of normal usernames and then suddenly one is just ten snowman emojis in a row.
Emojis are just a string of special characters that get recognised and replaced by an image anyway. It is the same as using those special characters separately.
It’s all just Unicode so in theory a password system shouldn’t think that emoji or any more interesting than any other character. To a computer the letter B and the emoji ✈️ equivalent in that they’re both just normal characters that one can type.
Sort of, emoji are usually treated as two or more normal characters so ✈️ might be equivalent to BB. But the basic point is the same.
It should work reasonably well in password systems that hash the password from a UTF-8 encoding… Which should be most things really. If the system is trying to process everything with ASCII, maybe not. It might even appear to work but get converted to some other character (which is kind of the worst case)… That should be rare in web applications though
Sounds great where it works but I’m sure most systems would reject an emoji or make you type out some overly complex password in addition to your emoji.
Honestly you’d be surprised how many places it just works magically. I was surprised to find that Office365 users could use emojis in names for Microsoft Teams which had no problem syncing those accounts back to an on-prem Active Directory. You can use emojis to name a whole SQL database, let alone users/passwords on it.
I keep wondering if I need to figure out how to turn that off but it hasn’t caused any problems. It’s definitely sketchy looking though when you see a bunch of normal usernames and then suddenly one is just ten snowman emojis in a row.
Emojis are just a string of special characters that get recognised and replaced by an image anyway. It is the same as using those special characters separately.
It’s all just Unicode so in theory a password system shouldn’t think that emoji or any more interesting than any other character. To a computer the letter B and the emoji ✈️ equivalent in that they’re both just normal characters that one can type.
Sort of, emoji are usually treated as two or more normal characters so ✈️ might be equivalent to BB. But the basic point is the same.
It should work reasonably well in password systems that hash the password from a UTF-8 encoding… Which should be most things really. If the system is trying to process everything with ASCII, maybe not. It might even appear to work but get converted to some other character (which is kind of the worst case)… That should be rare in web applications though