• fosstulate@iusearchlinux.fyi
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      Two of my colleagues still use locally stored plaintext for individual work credentials, despite having been shown where the password manager is. Both have accessed their files in front of me. If it’s not in those files it’s saved in the browser (because convenience is a hell of a drug). Now you start to see why discrete managers have a hard time, even amongst technology workers.

  • Cosmos7349@lemmy.world
    link
    fedilink
    English
    arrow-up
    17
    ·
    edit-2
    1 year ago

    As a software developer who has worked with a lot of symbols and emoji… PLEASE DON’T DO THIS.

    Software doesn’t all handle these symbols the same way, and without tech knowledge (or even with) , it’s very possible to not be able to log in easily. I’m kinda drunk rn, but I’ll try to explain as simply as I can…

    For example… skintone emojis are actually two characters, a face and a skin tone modifier. I think those ones are always two characters but some of these “multi-char” characters can be normalized into a single character. But not everyone handles this the same way. For example, Safari might normalize the emoji, but Firefox might treat it as two separate characters… And this would probably make your password not match. But basically… text has lots of edge cases; I’d advise to use normal passwords please (also maybe a password manager)

    • banneryear1868@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      arrow-down
      1
      ·
      1 year ago

      Was gonna say… you’re relying on the consistency of external emoji handlers that you don’t control. Ascii emojis are one thing.

        • banneryear1868@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          1 year ago

          It was pretty normal lol. Basically everything between the visual of an emoji and what “text” is entered is not in your control. So it’s great for security but not in practice as a password. What brand was the kombucha I want some.

          • Cosmos7349@lemmy.world
            link
            fedilink
            English
            arrow-up
            3
            ·
            1 year ago

            I didn’t realize NYC has a physical Juneshine location. So I got a flight… and a Juneshine cocktail…

    • StarDreamer@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      1 year ago

      Thanks for the feedback! I’ll be sure to use non-printing characters instead of emojis for my passwords! (They can’t guess it if it’s invisible right?)

      In all seriousness, why are people so adverse to using password managers? People are plenty willing to use the browsers built-in “remind my password” instead of a proper password solution such as bitwarden… And they come up with such “hacks” just to avoid using a proper length password.

  • Treczoks@lemm.ee
    link
    fedilink
    English
    arrow-up
    14
    ·
    1 year ago

    Completely useless from many sources where I have to rely on a keyboard for entering passwords.

  • Arfman@aussie.zone
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    Long time ago a friend of mine used a set of key press to generate a smiley face to put in his bios which ended up in a situation where he was not able to type in the same smiley face into the password prompt. I had to teach him to reset his bios battery to get back into the bios.

    • Lupec@lemm.ee
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      I love it, Bitwarden has supported generating passphrase style passwords for a while and it’s basically that. It’s my go-to these days.

    • vamputer@infosec.pub
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      1 year ago

      I like doing entire phrases with some rhymes thrown in. Makes it easier to remember them.

      “BonyTonyMoansHe’sOnlyGrownLonely” has a shitload of characters, and a full sentence (even a nonsensical one like that) is more memorable to me than a random handful of disparate words.

      The more ridiculous, the better. (And, naturally, don’t forget your numbers and symbols)

      EDIT: Actually, no idea why I made it all one group of words. So long as spaces are in the password’s character space (and they very well should be if friggin’ emojis are), there’s nothing stopping you from doing an entire, punctuated sentence- other than that we’ve been conditioned not to think of a password that way.

      “Skinny Kenny’s friend, Mini Ben, has 20 chins.” That should be a fully-acceptable password with 46 characters (48 if you add the quotes), capital letters, numbers, and special characters.

      • scinde@discuss.tchncs.de
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        You can’t compare a 46 random character password to a password composed out of words, the entropy of each is very different. Your kind of password is vulnerable to dictionary attacks which are way more common and easy than brute forcing every possibility. A 50+ characters unique random password for each service that is stored in a password manager which is encrypted with a 20+ characters random password is the most secure and future proof (for now).

        • ferret@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Dictionary attacks aren’t some magic bullet. There are a lot of english words and just four of them IS comparable in cracking difficult to a standard 8-char password that is as random as you can make it. There are a lot more words than there are symbols. Four words is obviously not as good as 46 totally random chars

          • scinde@discuss.tchncs.de
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            Dictionary attacks are definitely not a magic bullet, they require a lot of processing power, just like any other brute-force attack, but not more because of their longer length, as has been implied.

            True, there are a lot of english words, but the amount of common words is relatively small. Most people aren’t going to choose a password like “MachicolationRemonstranceCircumambulationSchadenfreude”, even if it were generated for them (which is unlikely).

            Sure, it is comparable to a standard 8 characters passward, but even that kind of password is verging on the insecure (it is the absolute minimum, which should be avoided when possible).

            There are also a lot of symbols when you count emojies and the entire Unicode standard.

    • Echo Dot@feddit.uk
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      1 year ago

      Security experts don’t actually have to work on corporate IT systems.

      So you’ve set your password to contain a 😇 have you?
      Ok so how are you going to type it on this desktop computer keyboard here…
      Yeah I thought not.

      I’ll just go reset your password shall I?

        • Echo Dot@feddit.uk
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          I’ll let you be in charge of teaching them that. I literally had to talk someone through how to type an exclamation mark today, I don’t think they’re going to handle the extended Unicode character set.

  • Dizzy Devil Ducky@lemm.ee
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I’d rather staple my forehead to a telephone pole before I ever think about using an emoji in a password. Those things are abominations!

    • frank@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Okay now’s my time to shine. The words “emoji” and “emoticon” are false cognates, as in they aren’t actually related. Emoticon is a few-decade old word to describe emotion+icon, like :)

      Emoji is Japanese (kanji - 絵文字) for picture-word, basically. It super outdates computers.

      They just happen to sound similar; isn’t that fun?

  • originalucifer@moist.catsweat.com
    link
    fedilink
    arrow-up
    0
    arrow-down
    1
    ·
    1 year ago

    this feeeels like the stupidest idea ive ever heard… its not like theres really an emojii standard applied as universally as text, across devices or applications… the transforms that happen… this seems fraught with terribleness

    am i missing something?