Can I set these char(☺☻♥♦♣) as password [closed]

Closed. This question is off-topic. It is not currently accepting answers.

---

Want to improve this question? Update the question so it's on-topic for Stack Overflow.

开发者_运维百科

Closed 12 years ago.

Improve this question

these char can be entered by keyboard by pressing with the combination of ALT and ASCII of char

I think these ☺ ☻ ♥ ♦ ♣ char can't be easily cracked by brute force attack.

---

It would depend a bunch of things, including what program is accepting the password, where and how are they storing it, what platforms the server and client are running on, and likely others. You may be able to log in using this password from a Windows client but not Unix (or vice versa). If this is a web app, it might work on one browser but not another. Or it might work differently on an English machine vs. a Japanese machine.

I would recommend against this. It's easy enough to come up with secure 7-bit ASCII passwords that going down this road isn't really necessary.

---

If the question is "can I use these," then the answer is "maybe." You will need to test them thoroughly to make sure that your application(s) support extended ASCII characters in passwords. If you use various operating systems or mixed-language systems, it's somewhat less likely that they'll be compatible because you start getting into different issues with encodings. There are many versions of the so-called extended ASCII set and they can be represented very differently.

If the question is "are these more secure," then the answer is "not really." Sure, increasing the number of characters that can potentially be included in a password increases its entropy value and increases the amount of time it would take for password-cracking software to crack the password. However, in practice, it's relatively unlikely that you'll see much difference by adding 5 or 6 extra characters. You can get a sufficient level of security with the password complexity requirements that are already well-supported, and tactics like increasing the minimum length of your password (perhaps to something like a pass phrase, rather than a simple word) will make cracking much more difficult than a few additional characters.

Also see the documentation for passwords in Windows Server:

An example of a strong password is J*p2leO4>F.

A password can meet most of the criteria of a strong password but still be rather weak. For example, Hello2U! is a relatively weak password even though it meets most of the criteria for a strong password and also meets the complexity requirements of password policy. H!elZl2o is a strong password because the dictionary word is interspersed with symbols, numbers, and other letters. It is important to educate users about the benefits of using strong passwords and to teach them how to create passwords that are actually strong.

You can create passwords that contain characters from the extended ASCII character set. Using extended ASCII characters increases the number of characters that you can choose when you create a password. As a result, it might take more time for password-cracking software to crack passwords that contain these extended ASCII characters than it does to crack other passwords. Before using extended ASCII characters in your password, test them thoroughly to make sure that passwords containing extended ASCII characters are compatible with the applications that your organization uses. Be especially cautious about using extended ASCII characters in passwords if your organization uses several different operating systems.

You can find extended ASCII characters in Character Map. Some extended ASCII characters should not be used in passwords. Do not use a character if a keystroke is not defined for it in the lower-right corner of the Character Map dialog box. For more information about how to use Character Map, see Using Character Map.

Examples of passwords that contain characters from the extended ASCII character set are kUµ!¶0o and Wf©$0k#»g¤5ªrd.

---

OK, not even close to a programming question, but I'll answer it anyway.

1. The policy for what is and is not allowable in a password is decided by the individual application/website etc.
2. So long as the characters are valid input for a password, they can be brute-forced just as easily as any other character. A short password with strange characters is still many times weaker than a longer password made from alphanumeric characters.