this post was submitted on 03 Nov 2023
303 points (87.0% liked)

Technology

59204 readers
2972 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
top 50 comments
sorted by: hot top controversial new old
[–] jordanlund@lemmy.world 179 points 1 year ago (26 children)

Emojis are known to break systems in certain circumstances due to the way they're interpreted in certain character sets.

I guarantee people doing this will not only lock out their own accounts, but may even freeze some authentication servers.

https://www.pcmag.com/news/want-to-brick-an-iphone-send-some-emojis

https://www.itechpost.com/articles/75762/20170119/brick-iphone-using-emojis-plus-tricks-dont-know.htm

[–] abhibeckert@lemmy.world 49 points 1 year ago* (last edited 1 year ago) (7 children)

The website should feed your password straight into a well known hashing algorithm or key derivation function that has undergone a decade or more of careful scrutiny, without any other processing. The output will usually be a fixed length base64 or hex string.

There's a short list of about three options that are currently considered acceptable, and a few more are probably fine but are a little too easy to crack these days (e.g. anything that shares the same math as bitcoin... what if someone throws a mining datacentre at your password?)

If the site breaks, maybe you don't to be a customer of that service.

[–] NightAuthor@lemmy.world 19 points 1 year ago

Can you still log in to wellsfargo accounts using the T9 translation of your password?

load more comments (6 replies)
[–] Arin@kbin.social 28 points 1 year ago* (last edited 1 year ago) (1 children)

auth servers breaking from emojis would be hilarious, pretty sure that's why older auth servers only allow certain symbols in passwords

[–] jordanlund@lemmy.world 35 points 1 year ago (1 children)

"Your password '🤣umådbrø⁉️' is breaking our server. Please change it."

load more comments (1 replies)
[–] Kusimulkku@lemm.ee 13 points 1 year ago

If some auth server breaks because I put emojis in my password then that's right and deserved

load more comments (23 replies)
[–] PetDinosaurs@lemmy.world 126 points 1 year ago (2 children)
[–] LemmyFeed@lemmy.world 43 points 1 year ago (1 children)

Correct horse battery staple!

[–] elbarto777@lemmy.world 15 points 1 year ago* (last edited 1 year ago) (1 children)

But was it a 💯 or was it a ✅? Damn neither. Let's try with 👍...

load more comments (1 replies)
[–] TimeSquirrel@kbin.social 25 points 1 year ago (1 children)

Jeez, you're right. We got pens, pencils, stock charts, even those folders with the colored label tabs, but no stapler, the most basic of office equipment.

[–] davidgro@lemmy.world 17 points 1 year ago (5 children)

When it's added, I expect most implementations will make it red.

load more comments (5 replies)
[–] kratoz29@lemm.ee 105 points 1 year ago (8 children)

Good luck logging in a Smart TV.

[–] MoogleMaestro@kbin.social 59 points 1 year ago (1 children)

Security Experts probably don't log into smart tvs all that often. Just a guess.

[–] Etterra@lemmy.world 18 points 1 year ago (4 children)

Sorta how car designers never have to actually fix cars.

load more comments (4 replies)
[–] elbarto777@lemmy.world 14 points 1 year ago

Logging in a smart tv? Lol!

load more comments (6 replies)
[–] mojo@lemm.ee 58 points 1 year ago (18 children)

Terrible idea, good luck logging in on desktop.

[–] Salamendacious@lemmy.world 40 points 1 year ago (5 children)

You know there's someone somewhere who would answer you with, "what's a desktop?"

load more comments (17 replies)
[–] kureta@lemmy.ml 57 points 1 year ago (1 children)

Security expert reveals surprising way to induce headaches

[–] echodot 14 points 1 year ago* (last edited 1 year ago) (2 children)

Security experts don't actually have to work on corporate IT systems.

So you've set your password to contain a 😇 have you?
Ok so how are you going to type it on this desktop computer keyboard here…
Yeah I thought not.

I'll just go reset your password shall I?

load more comments (2 replies)
[–] kromem@lemmy.world 54 points 1 year ago (3 children)

No. There's only one piece of advice that should be given to users in 2023 about how to make their passwords stronger:

Use a password manager

Just use 32 character random alphanumeric passwords that are unique for each site (you can do more like 12-16 characters if you'll ever need to enter manually).

This is it. Stop trying to create clever passwords that you can remember. You aren't as uniquely creative as you think and there's been bodies of research into how the various things people do to create passwords that look secure can reduce the generation space so much that they become considerably easier to crack with an intelligent algorithm.

Test your ability to be unpredictable

load more comments (3 replies)
[–] Ertebolle@kbin.social 47 points 1 year ago (33 children)

xkcd still has the best approach to this; four random common words

[–] vamputer@infosec.pub 17 points 1 year ago* (last edited 1 year ago) (5 children)

I like doing entire phrases with some rhymes thrown in. Makes it easier to remember them.

"BonyTonyMoansHe'sOnlyGrownLonely" has a shitload of characters, and a full sentence (even a nonsensical one like that) is more memorable to me than a random handful of disparate words.

The more ridiculous, the better. (And, naturally, don't forget your numbers and symbols)

EDIT: Actually, no idea why I made it all one group of words. So long as spaces are in the password's character space (and they very well should be if friggin' emojis are), there's nothing stopping you from doing an entire, punctuated sentence- other than that we've been conditioned not to think of a password that way.

"Skinny Kenny's friend, Mini Ben, has 20 chins." That should be a fully-acceptable password with 46 characters (48 if you add the quotes), capital letters, numbers, and special characters.

load more comments (5 replies)
load more comments (32 replies)
[–] xantoxis@lemmy.world 46 points 1 year ago

Oh for fuck's sake, just turn on 2FA

[–] spark947@lemm.ee 42 points 1 year ago

Until you get to a prompt that doesn't support unicode.

[–] SuddenlyBlowGreen@lemmy.world 41 points 1 year ago (3 children)

Just use a password manager, goddamn.

load more comments (3 replies)
[–] AceFuzzLord@lemm.ee 41 points 1 year ago (2 children)

I'd rather staple my forehead to a telephone pole before I ever think about using an emoji in a password. Those things are abominations!

[–] snek_boi@lemmy.ml 23 points 1 year ago* (last edited 1 year ago) (2 children)

Out of curiosity, what makes you say so?

Edit: Oh. Did a "Wooosh" happen to me right now? Are you being ironic and referring to the XKCD thing about how to make a secure password using words in phrases?

[–] elbarto777@lemmy.world 13 points 1 year ago (10 children)

I think OP is conflating the use of emojis in passwords with the use of emojis by the general public.

Yes, it's annoying to read stuff like "Hi 😃😃😃😃 I am Bob ♥️♥️♥️😎😎😎😎," but that doesn't mean that using them in passwords is a bad idea.

load more comments (10 replies)
load more comments (1 replies)
load more comments (1 replies)
[–] BrianTheeBiscuiteer@lemmy.world 33 points 1 year ago (3 children)

Sounds great where it works but I'm sure most systems would reject an emoji or make you type out some overly complex password in addition to your emoji.

[–] Toribor@corndog.social 15 points 1 year ago (1 children)

Honestly you'd be surprised how many places it just works magically. I was surprised to find that Office365 users could use emojis in names for Microsoft Teams which had no problem syncing those accounts back to an on-prem Active Directory. You can use emojis to name a whole SQL database, let alone users/passwords on it.

I keep wondering if I need to figure out how to turn that off but it hasn't caused any problems. It's definitely sketchy looking though when you see a bunch of normal usernames and then suddenly one is just ten snowman emojis in a row.

load more comments (1 replies)
load more comments (2 replies)
[–] jbk@discuss.tchncs.de 29 points 1 year ago (11 children)

What's up with all the hate for emojis lmao

[–] Snowpix@lemmy.ca 18 points 1 year ago

People who use them tend to spam the hell out of them. Like, 8 of the same emoji. And they use them every other sentence. It's obnoxious, you only need one or two to get the point across.

[–] pewgar_seemsimandroid@lemmy.blahaj.zone 18 points 1 year ago (5 children)

💀💀💀💀💀💀💀🗿🗿🗿🗿🗿🗿🗿🚣👍👍👍👍👍👍🔥🔥🔥🔥🔥🔥🔥 sigma

the emojis and text above are a part of the reason

load more comments (5 replies)
[–] xthexder@l.sw0.com 14 points 1 year ago

Back in my day we only had 95 printable characters, and that's the way we liked it! /s

load more comments (8 replies)
[–] marx2k@lemmy.world 26 points 1 year ago
[–] Treczoks@lemm.ee 19 points 1 year ago (9 children)

Completely useless from many sources where I have to rely on a keyboard for entering passwords.

load more comments (9 replies)
[–] Cosmos7349@lemmy.world 18 points 1 year ago* (last edited 1 year ago) (5 children)

As a software developer who has worked with a lot of symbols and emoji... PLEASE DON'T DO THIS.

Software doesn't all handle these symbols the same way, and without tech knowledge (or even with) , it's very possible to not be able to log in easily. I'm kinda drunk rn, but I'll try to explain as simply as I can...

For example... skintone emojis are actually two characters, a face and a skin tone modifier. I think those ones are always two characters but some of these "multi-char" characters can be normalized into a single character. But not everyone handles this the same way. For example, Safari might normalize the emoji, but Firefox might treat it as two separate characters... And this would probably make your password not match. But basically... text has lots of edge cases; I'd advise to use normal passwords please (also maybe a password manager)

load more comments (5 replies)
[–] sarmale@lemmy.zip 18 points 1 year ago (4 children)

Can you write any unicode cahracter? Gotta make passwords in cuneiform

[–] bingbong@lemmy.dbzer0.com 16 points 1 year ago

(👁 ͜ʖ👁) 𓂺

-The most secure password

load more comments (3 replies)
[–] lazycouchpotato@lemmy.world 15 points 1 year ago* (last edited 1 year ago)

I disagree with them.

  1. Emojis do not look the same on all platforms. Let's take white large square ⬜ for example. Emojipedia shows what that emoji looks like on 26 different vendors. Some are pure white, some are shades are grey, and then there's Microsoft who in its usual infinite wisdom decided it should be purple. large yellow square 🟨 is a tossup between actually yellow and orange. This issue is also exacerbated with different displays displaying colours differently. Factors such as color accuracy, viewing angle, brightness affect how you perceive colour.

This also extends to face emojis. grinning face with big eyes (Emojipedia link) isn't that easy to tell apart from grinning eyes (Emojipedia link)

  1. Emoji support depends on your device. I'm on Windows 11 22H2 which recently added support for shaking face 🫨. Problem is, Windows' emoji picker Win + . (period) doesn't have it. Trying to login on a friends phone that's still on iOS 15 or Android 12, before shaking face came out? Enjoy manually copy/pasting the emoji from Emojipedia.

correct horse battery staple on the other hand looks the same on all devices.

load more comments
view more: next ›