Can you use emojis in passwords? | Kaspersky official blog
Credit to Author: Stan Kaminsky| Date: Thu, 26 Oct 2023 15:02:46 +0000
No one likes passwords. They take ages to enter, are hard to remember, and the need for a number, symbol, uppercase letter, and a couple of hen’s teeth only makes creating them all the more difficult. But if you use the same password everywhere, or limit yourself to simple short (read — weak) passwords, sooner or later you’ll get hacked. How to combine ease of input, memorability, and hack resistance? An interesting, if unusual, way is to use emojis — yes, those same smileys 😁 and other cute icons 🔐 we love to use in chats and posts.
On today’s computers and smartphones, emojis are just as much full-fledged symbols as letters in alphabets and punctuation marks. That’s because they’re part of the Unicode standard (see here for a full list of standardized emojis), so in theory, they can be used in any text — including in passwords.
Why use emojis in passwords
Since there are a great many emojis in existence, your password can be twice as short. When intruders try to brute-force a password containing letters, numbers, and punctuation marks, there are fewer than a hundred variations for each symbol they need to pick. But there are more than 3600 standardized emojis in Unicode, so adding one to your password forces hackers to go through around 3700 variants per symbol. So, in terms of complexity, a password made up of five different emoticons is equivalent to a regular password of nine characters’ while seven emojis is equivalent to a strong password of 13 “regular” characters.
Emojis are easier to memorize. Instead of a meaningless jumble of letters and numbers, you can compose a logical sentence and create an emoji puzzle based on it. For this you can use an emoji translator or a chatbot like ChatGPT.
Hackers don’t brute-force emojis. Various hacking tools and dictionaries for cracking passwords include combinations of words, numbers, and common substitutions like E1iteP4$$w0rd, but not (yet?) emojis. So when an attacker goes through a leaked password database, your account protected with a 👁️🐝🍁👁️🥫🪰 (“I believe I can fly”) password is very likely safe.
All this sounds too good to be true. So what are the downsides of emoji passwords? Alas, they’re sizeable.
Why not use emojis in passwords?
Not all services accept emoji passwords. We carried out a little account-creation experiment using a password consisting of several standard emojis. It was rejected by both Microsoft/Outlook and Google/Gmail. However, Dropbox and OpenAI happily accepted it, so basically it’s a matter of experimentation.
You’ll have to test your emoji password immediately to make sure it works. Even if you’re able to create an account with it, it may not pass verification when signing in.
Emojis are harder to enter. On smartphones, entering emoji is simplicity itself. On desktop computers, however, it can be a bit more troublesome — though not excessively so (see below for details). In any case, you’ll have to find the emojis you need in a long list, making sure to select the right picture from several similar ones. If you cross-platform, remember to check you can enter these emojis on both your computer and smartphone for all services you use.
Recent emojis give you away. Many smartphone keyboards display frequently used emojis at the top of the list. This information is unlikely to help online hackers, but friends or family may be able to guess or snoop on your password.
How to create a password with emojis
A reasonable compromise would be to add an emoji or two to your password to up its complexity. The rest of the password can then be alphanumeric, and less fancy. Of course, using emojis is no substitute for traditional security tips: using long passwords, a password manager and two-factor authentication (2FA). Speaking of which, our password manager can both store passwords with emojis and generate 2FA codes.
How to enter emoji passwords
The input method depends on your device and operating system. Smartphones have a special keyboard section for this, while on computers you can use one of these options:
- In Windows 10 or 11, press the Win key + period simultaneously to open the emoji table in any input field. In many layouts, the key combination Win + ; also works.
- In macOS, the emoji table is available in any application under Edit → Emoji & Symbols. To open the table from the keyboard, hold down Command + Control + Spacebar together.
- In Ubuntu Linux (version 18 and higher), you can enter emojis by right-clicking in the input field and selecting Insert Emoji from the context menu. To call up the table from the keyboard, just like in Windows, press Win + period at the same time.
- Input by character code. Slow and boring as it may be, this is a reliable way to input any Unicode character — not just emojis. First, look up the code of the respective character in the table, then enter it using a special key combination. In Windows, press and hold Alt, then enter the decimal code from the list on the side numeric keypad. For other OSes the process is described in more detail here.
- But the easiest way to enter emoji passwords is to save them in Kaspersky Password Manager and insert them into the required input fields automatically.