this post was submitted on 01 Oct 2023
375 points (93.7% liked)

Linux

48186 readers
1324 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

You can totally use emojis as passwords. You can probably even make this a policy at your company.

Edit: I thought this was an obvious enough joke, but just to clear things up: Only do this if you hate your company and everyone working there.

top 50 comments
sorted by: hot top controversial new old
[–] federalreverse@feddit.de 98 points 1 year ago* (last edited 1 year ago) (10 children)

And here I am avoiding even special characters because I worry about having to enter them on a French keyboard at some point.

Do be aware that a single emoji is often composed of multiple Unicode characters (e.g. base emoji + gender modifier + skin tone modifier). Entering that on the command line is going to be fun.

[–] Xartle@lemmy.ml 55 points 1 year ago (1 children)

On the upside, you could probably satisfy length and complexity requirements with just one emoji. ;)

[–] ipipip@iusearchlinux.fyi 25 points 1 year ago

So add all emojis to my dictionary, got it

[–] IsoKiero@sopuli.xyz 17 points 1 year ago (3 children)

And here I am avoiding even special characters because I worry about having to enter them on a French keyboard at some point.

I use only special characters that are on the same places with most layouts (at least english and finnish). I suppose passwords with ä or ö might be a bit more resistant to brute-force attacks, but it causes far more problems than it might theoretically solve.

[–] PlexSheep@feddit.de 8 points 1 year ago (1 children)

Longer passwords make your passwords exponentially more secure, in terms of security bits. Length matters.

[–] IsoKiero@sopuli.xyz 7 points 1 year ago

True, and for most credentials I of course use password manager, but things like workstation password are still something I need to manually type out and for those 65 random characters aren't really practical. And for those I use things like 'HorseBattery69+' instead of 'SalainenSäläsänä69+' since while they (could be) equally long and complex the latter is pretty much impossible to type out if keyboard setting is something else than finnish (swedish works too I think).

load more comments (2 replies)
load more comments (8 replies)
[–] idunnololz@lemmy.world 47 points 1 year ago (1 children)

Can't wait for websites to require an emoji in your password /s

[–] DigitalPaperTrail@kbin.social 48 points 1 year ago (6 children)
[–] dandroid@dandroid.app 26 points 1 year ago

Bro that fucking egg ruined my life.

load more comments (5 replies)
[–] Tibert@jlai.lu 37 points 1 year ago* (last edited 1 year ago) (3 children)

Using emoji is a bad idea.

Here is why (without a password manager which removes the hard, but not the incompatible) :

  • some emojis can be inexistent on other devices. So you may not be able to log in on another device.
  • An emoji is hard to remember if you need to type them with an alt code, while also being easy to crack.
  • For a computer, and emoji is nothing else than a character. So hard to type, easy to crack.
  • More likely you use an emoji someone else used. So it could maybe be easier to crack.

And you don't need to believe me https://nordpass.com/blog/emoji-passwords/

[–] deadcade@lemmy.deadca.de 27 points 1 year ago (1 children)

NordPass is completely incorrect on the "it makes a password easier to "crack" thing.

I absolutely don't recommend using emojis in your password, as it is far too easy to get locked out. However, a password containing an emoji is significantly harder to crack.

Hashing is a process used to calculate a large number based on some input data. If the input is the same, the output is the same. If the input differs just slightly, the output is completely different. This process is mathematically irreversible. Since this (and other techniques) is often used for passwords, to "crack"/bruteforce a password, the attacker has to go through every possible combination of input data, calculate the hash, and check if the hash is the same as the password hash.

To make the process of bruteforcing a hash quicker, an attacker often makes assumptions about the input data. If they know a password contains 8 characters, and only lowercase letters, this massively narrows down the amount of passwords that need to be hashed and checked. If they know the password contains someones birth year, that too reduces the time to bruteforce a password.

The more possible characters you have per position in your password, the longer it will take to bruteforce. An 8 character password with just lowercase letters has 208.827.064.576 possible combinations. This sounds like a lot, but it's often bruteforced rather quickly. Adding uppercase letters and numbers to that, we're already at 218.340.105.584.896 possible combinations. That's ~1000x more combinations, and that's for 8 characters. It's the difference between bruteforcing taking a day, and taking 1000 days. (Do note an 8 characters lowercase password probably only takes like a few seconds to minutes, not a full day.)

According to https://emojipedia.org/stats there are 3664 different emojis. Lets say we create an 8 emoji password. (some emojis aren't one character internally, the same principle still applies.) Just 8 completely randomly chosen emojis. That password would have 32.482.071.647.592.311.234.920.185.856 different possible combinations. That is about 148.768.232.755.857 times more combinations than an 8 character uppercase+lowercase+numbers password. That is the difference between bruteforcing taking a day or taking 407584199331 years.

The same things as non-emoji passwords still apply, you can make assumptions about which emojis are used. People aren't entirely random, so chances are higher they used some of the more common emojis. However, that is similar to prioritizing the letter "e" because it is more common. Yes, it'll probably reduce the time taken to bruteforce a bunch of passwords, but it's not set in stone that every password will even contain the letter "e".

Again, due to the potential of breaking things, locking yourself out, etc. I DO NOT recommend using emojis. Use a password manager with longer passwords.

However, including an emoji in your password makes it significantly more difficult to bruteforce. As the assumption that the characters in your password are letters, numbers, and symbols no longer holds, which drastically increases the possible number of combinations.

[–] deadcade@lemmy.deadca.de 12 points 1 year ago (1 children)

For somewhat more realistic numbers:

According to minerstat.com, an NVidia RTX 4090 has a hashrate of 118.07MH/s. This is 118.07 Megahashes per second, or 118.070.000 hashes per second. For a password with only 8 lowercase letters (208.827.064.576 combinations), it would take an RTX 4090 approximately 1769 seconds (or ~30 minutes) to go through all possible combinations. For an 8 character upper+lower+numbers password (218340105584896 combinations) it would take 1849243 seconds, or 21.4 days.

For an 8 emoji password (32482071647592311234920185856 combinations), it would take 275.108.593.610.504.896.512 seconds, or 8.723.636.276.335 years.

Lets say a magic prediction algorithm reduces the number of possible combinations in each password to 1 out of every 1 million previously possible combinations. 8 lowercase letters would be cracked instantly, while an 8 emoji password would still take 8.723.636 years.

[–] skullgiver@popplesburger.hilciferous.nl 7 points 1 year ago* (last edited 11 months ago) (1 children)

[This comment has been deleted by an automated system]

[–] deadcade@lemmy.deadca.de 5 points 1 year ago

The times I calculated were indeed going over every possible combination, it would take half as long to crack a password on average. Considering reducing the time to 1/1000000 still leaves you with an incomprehensibly large estimated timespan, dividing that by 2 doesn't do that much for making it brute-forceable.

I did note it was specifically for 8 emojis, not 8 characters or bytes.

And yes, it's very impractical and likely to break things. It's better and much easier to add extra letters, numbers, and symbols to your password rather than using emojis. Using a password manager is even better.

As you stated, a single unicode character would mean your password wouldn't be included with the potential options in almost all brute forcing tools. Whether you use 8 emojis or 1, your password likely won't get brute forced.

All of my "emoji password" numbers are if the attacker knows it's a password containing exactly 8 emojis, and nothing more. Adding a regular symbols+upper+lower+numbers 16 character password would make it even more impossible to brute force.

[–] Luccus@feddit.de 18 points 1 year ago* (last edited 1 year ago)

We are sorry, your request could not be processed. 😊

As you know, at Corp.inc we believe that the most important thing there is, is human connection. ❤️ For this reason, every complaint must contain at least 2 happy emojis or 1 heart.

Please resubmit your concern accordingly. 😉

with love, Corp.inc - Issue Management

[–] lord_ryvan@ttrpg.network 6 points 1 year ago

An emoji is hard to remember if you need to type them with an alt code, while also being easy to crack.

I hope you meant “easier to crack than to remember it's ALT code”*

They're significantly harder to crack than most other characters, simply as there are much more of them than letters and numbers combined.


For a computer, and emoji is nothing else than a character.

This isn't really true either, they're always composed of 4 or more bytes, which to a computer is 4 or more characters.

[–] drwankingstein@lemmy.dbzer0.com 34 points 1 year ago* (last edited 1 year ago)

that feeling when you can remeber what shade of orange emoji you used on your password

[–] mcepl@lemmy.world 33 points 1 year ago (1 children)

Please, don't use subjects like "I love this". Please.

[–] Luccus@feddit.de 15 points 1 year ago* (last edited 1 year ago) (2 children)

Fair point, will do… at some point in the future.

Edit #1: You people are expecting way too much reasonability from someone using emojis to login.

Edit #2: Urgh! FINE. Have your sensible title that actually means something and betters everyones experience. angrily sips water >:(

[–] qaz@lemmy.world 5 points 1 year ago (2 children)

Are you aware you can edit titles?

[–] LouisGarbuor@sh.itjust.works 10 points 1 year ago

Wait, lemmy allows editing of titles?

load more comments (1 replies)
load more comments (1 replies)
[–] code@lemmy.world 27 points 1 year ago

You can also use emojis in computer and user names in active directory. Trust me, the network guys love it!

[–] dandroid@dandroid.app 20 points 1 year ago (9 children)

You can add emojis to your wifi SSID. I do not recommend it for compatibility reasons, though. Your printer might not like it.

[–] miversen33@lemmy.world 36 points 1 year ago (1 children)
[–] elvith@feddit.de 23 points 1 year ago (2 children)

Instructions unclear, p...aper stuck in tray 1

[–] JetpackJackson@feddit.de 5 points 1 year ago

lp0 on fire

load more comments (1 replies)
[–] madis@lemm.ee 6 points 1 year ago* (last edited 1 year ago) (1 children)

In my experience, several devices don't display the emoji as a correct icon (instead show the rectangle "tofu"), but they still work with it.

Source: am using an emoji with some normal characters on SSID

load more comments (1 replies)
load more comments (7 replies)
[–] hperrin@lemmy.world 20 points 1 year ago (1 children)

Anything Unicode. You could use box drawing characters.

[–] Luccus@feddit.de 40 points 1 year ago* (last edited 1 year ago) (1 children)

The Interrogator: "You think you're so funny… WHAT. IS. THE. PASSWORD!!!"

A guy, tied to a chair, bloodied and crying: "Amogus, it's a drawing of the Amogus guy."

The interrogator prepares another round of fists

[–] Dirk@lemmy.ml 12 points 1 year ago
[–] eruchitanda@lemmy.world 18 points 1 year ago
[–] backhdlp@lemmy.blahaj.zone 15 points 1 year ago* (last edited 1 year ago)

You're able to do this with passwords in most places to my knowledge.

[–] Shatur@lemmy.ml 15 points 1 year ago

I would recommend generating your passwords and storing them in a local password manager like KeePassXC. This way, you only need to remember one password from the database itself and you will not worry if any website leaks its database since all your passwords are unique.

[–] merde@sh.itjust.works 15 points 1 year ago (13 children)

this is useless unless you can copy/paste or autofill your passwords

load more comments (13 replies)
[–] Cwilliams@beehaw.org 8 points 1 year ago

Literal mental pain rn

[–] Catsrules@lemmy.ml 7 points 1 year ago

Someone has been playing too much of the password game.

[–] HumanPenguin@feddit.uk 7 points 1 year ago* (last edited 1 year ago) (2 children)

If you make it a policy for your corp. You will screw anyone with visual impairment.

We are totally unable to see the detail in these shitty little pics. So would be unable to use them as a password.

Fine if uou want to use them. And software should start supporting it. But please dont push corps to screw over disabled. Its hard enough dealing with them already. Nearly every big company forgets vision or hearing impairment when trying to manage customers and staff.

[–] Luccus@feddit.de 14 points 1 year ago

I don't think anyone takes this seriously. It's just fun to come up with the worst password policies.

Just imagine the error: "Sorry, your password could not be set. If you decide to include more than one animal, make sure they get along or include a zookeeper as well."

Fucking brilliant.

load more comments (1 replies)
[–] possiblylinux127@lemmy.zip 7 points 1 year ago

What happens if are using a device that doesn't support emojis?

[–] Sterben@lemmy.ml 7 points 1 year ago (2 children)

Yes, you can use emoji, but wouldn't it be better to use special characters instead? At least is 100% sure to be supported in all modern devices.

load more comments (2 replies)
[–] GustavoM@lemmy.world 6 points 1 year ago* (last edited 1 year ago) (1 children)

Afaik, emoticons...er....sorry, emojis are (mostly) dictionary words. And using most (if not all) as passwords is a one-way ticket to "wtf happened to my work PC and why my boss wants to kill me"-land.

Edit: I thought this was an obvious enough joke towards your obvious enough joke -- just "outjoking" your joke. :^)

load more comments (1 replies)
load more comments
view more: next ›