Linux

On the upside, you could probably satisfy length and complexity requirements with just one emoji. ;)

And here I am avoiding even special characters because I worry about having to enter them on a French keyboard at some point.

I use only special characters that are on the same places with most layouts (at least english and finnish). I suppose passwords with ä or ö might be a bit more resistant to brute-force attacks, but it causes far more problems than it might theoretically solve.

you won't have to wait https://neal.fun/password-game/

NordPass is completely incorrect on the "it makes a password easier to "crack" thing.

I absolutely don't recommend using emojis in your password, as it is far too easy to get locked out. However, a password containing an emoji is significantly harder to crack.

Hashing is a process used to calculate a large number based on some input data. If the input is the same, the output is the same. If the input differs just slightly, the output is completely different. This process is mathematically irreversible. Since this (and other techniques) is often used for passwords, to "crack"/bruteforce a password, the attacker has to go through every possible combination of input data, calculate the hash, and check if the hash is the same as the password hash.

To make the process of bruteforcing a hash quicker, an attacker often makes assumptions about the input data. If they know a password contains 8 characters, and only lowercase letters, this massively narrows down the amount of passwords that need to be hashed and checked. If they know the password contains someones birth year, that too reduces the time to bruteforce a password.

The more possible characters you have per position in your password, the longer it will take to bruteforce. An 8 character password with just lowercase letters has 208.827.064.576 possible combinations. This sounds like a lot, but it's often bruteforced rather quickly. Adding uppercase letters and numbers to that, we're already at 218.340.105.584.896 possible combinations. That's ~1000x more combinations, and that's for 8 characters. It's the difference between bruteforcing taking a day, and taking 1000 days. (Do note an 8 characters lowercase password probably only takes like a few seconds to minutes, not a full day.)

According to https://emojipedia.org/stats there are 3664 different emojis. Lets say we create an 8 emoji password. (some emojis aren't one character internally, the same principle still applies.) Just 8 completely randomly chosen emojis. That password would have 32.482.071.647.592.311.234.920.185.856 different possible combinations. That is about 148.768.232.755.857 times more combinations than an 8 character uppercase+lowercase+numbers password. That is the difference between bruteforcing taking a day or taking 407584199331 years.

The same things as non-emoji passwords still apply, you can make assumptions about which emojis are used. People aren't entirely random, so chances are higher they used some of the more common emojis. However, that is similar to prioritizing the letter "e" because it is more common. Yes, it'll probably reduce the time taken to bruteforce a bunch of passwords, but it's not set in stone that every password will even contain the letter "e".

Again, due to the potential of breaking things, locking yourself out, etc. I DO NOT recommend using emojis. Use a password manager with longer passwords.

However, including an emoji in your password makes it significantly more difficult to bruteforce. As the assumption that the characters in your password are letters, numbers, and symbols no longer holds, which drastically increases the possible number of combinations.

We are sorry, your request could not be processed. 😊

As you know, at Corp.inc we believe that the most important thing there is, is human connection. ❤️ For this reason, every complaint must contain at least 2 happy emojis or 1 heart.

Please resubmit your concern accordingly. 😉

with love, Corp.inc - Issue Management

An emoji is hard to remember if you need to type them with an alt code, while also being easy to crack.

I hope you meant “easier to crack than to remember it's ALT code”*

They're significantly harder to crack than most other characters, simply as there are much more of them than letters and numbers combined.

For a computer, and emoji is nothing else than a character.

This isn't really true either, they're always composed of 4 or more bytes, which to a computer is 4 or more characters.

Fair point, will do… at some point in the future.

Edit #1: You people are expecting way too much reasonability from someone using emojis to login.

Edit #2: Urgh! FINE. Have your sensible title that actually means something and betters everyones experience. angrily sips water >:(

The Interrogator: "You think you're so funny… WHAT. IS. THE. PASSWORD!!!"

A guy, tied to a chair, bloodied and crying: "Amogus, it's a drawing of the Amogus guy."

The interrogator prepares another round of fists

Tbf, fuck printers

In my experience, several devices don't display the emoji as a correct icon (instead show the rectangle "tofu"), but they still work with it.

Source: am using an emoji with some normal characters on SSID

That'll make setting up your wifi from the command line all kinds of fun.
Even my SSID with , and : in it stumps the Debian installer.

I don't think anyone takes this seriously. It's just fun to come up with the worst password policies.

Just imagine the error: "Sorry, your password could not be set. If you decide to include more than one animal, make sure they get along or include a zookeeper as well."

Fucking brilliant.