Why NOT use emoji as part of a password

Emoji are a very common part of online communication, especially for the younger generation. Smiling or frowning faces, gestures, or basically anything else, can easily and quickly be incorporated into regular text. There are many symbols and characters, as you can see, for example, on Emojipedia, which collects emoji and where you can copy them directly.

However, an emoji is in effect nothing more than a regular character like any other letter, only this character is displayed in the form of an image. So it might be handy to use an emoji as part of a password to log in. This would be an extension of special characters, which would be a big problem for hackers trying to get into accounts through brute force, i.e. by trying all possible combinations of passwords.

While it looks tempting, a password in the form of a series of 🐵🐵🐵 or 🍆🍆🍆 might not be such a good idea.

Why is it a bad idea to use emoji in passwords?

Emojis are widely used in online communication, so we might want to use them in passwords as well. However, emoji, the precursor to emoji that are just written with classic keyboard symbols, definitely make sense. A combination like: D or ;) are very easy to type. But with emoji, i.e. symbols represented by an image, the situation is different.

  • You don’t have to log in anymore – Just because emoji can be used in passwords, that doesn’t mean you should. On mobile, typing an emoji is very easy, and the keyboard usually directly offers a set of characters for you to choose from right away. But that’s not the case for traditional computers. Often you just can’t get to the emoji and you’ll have to find the right ones on, for example, the aforementioned Emojipedia. It’s very impractical, and you have to actually hit the emoji. It can easily happen that you can only access your account from your mobile phone, but not from your computer.
  • Emoji are not standardised – Different operating systems may not always display emoji in the same way. There’s no guarantee that an emoji that works perfectly on your iPhone will be recognised when you try to sign in to the same account on Windows.
  • Passwords made up of only emoji are not very secure – A great password contains an element of randomness, or is random altogether. But there are a number of emoji that are used really a lot and are readily available. Users will mainly use these symbols within their passwords, which hackers will try first.
  • Emojis don’t protect against brute force attacks – The software behind brute force attacks is getting more sophisticated. Scrolling through a library of common emoji and likely combinations will take milliseconds. It makes sense to use an emoji as part of a password, as long as we can get to that character on all devices, but sometimes typing or selecting the right emoji is very complicated and extremely impractical.
Brute force
Photo: JumpStory

What is a brute force attack?

Brute force attacks are a common way to crack passwords and gain access to private data. The attacker tries a huge number of passwords and tries to figure out a given combination. Due to the capabilities and computational power of even fairly ordinary computers, it is not a problem to try a huge number of passwords in a second.

It’s a relatively simple process, but the tendency of Internet users to use predictable improbable passwords only adds to the effectiveness of this type of attack.

4 steps to improve password security (without using emoji)

Adding a few emoji in the form of padlocks won’t make your passwords that much stronger again, but here are four steps you can take today to ensure your data stays private and protected.

  • Use long and complex passwords – The key to a strong password is length and complexity. If you’re creating a password (without using an emoji), make sure it’s long and contains a range of numbers, symbols, and upper and lower case letters.
  • Avoid recognizable words and patterns – Brute force attacks usually rely on an algorithm that goes through common words and combinations. With this in mind, do not use recognizable words, names, dates, and number sequences. Randomness is essential.
  • Use different passwords for different accounts – If one password is cracked, the last thing you want is for the attack to spread to all of your accounts. Make sure every profile you use, from social media sites to online banking, has different login credentials.
  • Use a password manager – To combine all the basic elements of password security, get a password manager. These tools allow you to generate complex passwords, automatically fill out login forms, and maintain data security across platforms. You can also use a password manager completely free of charge, but that doesn’t mean the security is any weaker. We definitely recommend giving Password Manager a try.

Related Articles

Back to top button