Idea: Emoji passwords

Bdixbsufhdbe HEAR ME OUT

I know, I know, emojis belong with teenage girls on Snapchat but there are some theoretical benefits to emoji passwords.

Brute Force attacks are useless! With such a wide range of characters and so many different combinations, they just wouldn't be viable.

Dictionary attacks are less useful! Because those require...words.

They can be easier to remember. Tell a story with your emojis. Images are easier to commit to memory than combinations of letters and numbers.

Users would adopt the feature! For whatever reason, the general population fucking loves these things. So emoji passwords probably won't take very long to see use.

I don't know much about this last one, so I saved it for last, but I would imagine that decryption would be more difficult if the available values is quite vast. I dunno how rainbow tables and hash defucking works so I'll just put this here as a "maybe"


  • 13
  • 24
    Afaik, emojis look different on different devices / OS. It's gonna be a nightmare.
  • 31
    While it might not be a bad idea, I still want to lynch you for proposing it.
  • 9
    Ive been doing this for a year or two now
  • 17
    And then comes that day you just have to borrow your friends laptop, and they don't have an emoji keyboard installed, so you end up copying every single one of your 23 character password from the web. Though great idea!
  • 6
    @ScriptCoded any windows pc has it installed, and the last time I used someone else their PC with my account is about 5 years ago.
  • 5
    @irene That's true, though who uses Windows? πŸ™ˆπŸ˜‹πŸ€¦‍β™‚οΈπŸ˜πŸ€·πŸ»‍♂️πŸ₯¦
  • 22
    Ya, just what I need, passwords that require a capital, lowercase, symbol, number, oh, and A FRICKING EMOJI.

    If this becomes a reality, I will find you. -.-
  • 6
    @HoloDreamer the icons can be different but the underlying Unicode is the same.

    So you may have issues with iOS / Android and different android Roma having different icons for similar things.
  • 2
    @vmkantu you could be right.
    I haven’t seen the ο£Ώ “apple” emoji represented on other platforms.

    But the main ones would be, although that would reduce the amount needed to brute force with.
  • 3
    @irene πŸ‘¨‍πŸ’»πŸ‘¨πŸ»‍πŸ’»πŸ‘¨πŸΌ‍πŸ’»πŸ‘¨πŸ½‍πŸ’»πŸ‘¨πŸΎ‍πŸ’»πŸ‘¨πŸΏ‍πŸ’» which one would you like?
  • 7
    @Jilano Exactly the response I expected. Thank you for being the stability I need in my life.

    @ScriptCoded I don't trust my friends enough to put my password into their laptop. Who fucking knows what kind of viruses they may or may not have.

    @all Maybe only mobile app passwords for the time being then? You're never without an emoji keyboard.
  • 3
    @AlgoRythm You are very welcome!

    "I shall be the foundation upon which you may strive."

    Disclaimer: Additional fees may apply.
  • 0
    I heard someone propose this a while back. It was immediately met with a reason why it is a bad idea.

    I believe it boils down to the fact that emoji, while looking exactly the same, actually might be encoded slightly differently, depending on your platform. If that is true, it would mean emoji passwords are a veeeeery bad idea.
  • 0
    This is actually a good idea. Even adding one emoji to your AN password should increase its security.
  • 0
    @irene Well... Yes. But while the purpose of unicode is to preserve every character when going to and then from unicode, I am not sure whether they guarantee anything about a unique encoding.

    I can ask the original person who came up with this story, if you want :-)
    He knows a bit more about it than me.
  • 7
    what immediately raises to my mind is how easy it would become to social engineer an all emoji password by looking at the most recently used emojis on others mobile emoji keyboards πŸ€“at least it could limit the amount of possible emojis to make brute force easier πŸ’―
  • 5
    The "range of characters" does not matter as much as the length of the password: k^x grows faster than x^k (that is, by keeping the set of characters constant and increasing the length you get better results than increasing the number of available characters and keeping the length constant).

    Example: let's say your password contains 6 emojis. This gives about 137000^6 combinations (137000 is the approximate number of unicode characters). Now let's say my password is "the milk is in the fridge". This has 24 ascii characters, resulting in 127^24 combinations, much higher than the short unicode password.

    The point is: if you want to make your password stronger, you have to make it longer.

    Think about it: your password is still a sequence 0 and 1, whatever encoding you choose.
  • 0
    While I see what you're saying and it actually doe theoretically make a shit tonne of sense...

    Would rather replace my eyes with my testicles than us emoji's in anything ¯\_(ツ)_/¯
  • 0
    @stacked Yeah but that password contains everyday words which makes it vulnerable to dictionary guesses
  • 0
    @RedPolygon check the numbers, and if they don't satisfy you, just add more words ;)
  • 1
  • 1
    @irene I did not intend to suggest the use of phrases, but just longer passwords. Personally, I use random 32-characters long strings of letters and digits (whenever stupid websites don't limit the length). Stronger than any shorter unicode-based password.
  • 0
    @irene stronger... and works in every environment
  • 4
    Yeah emoji for password. Emoji for username. Emoji for emails. Emoji numbers for bank accounts. Emoji all the way.
  • 0
  • 1
    http://emoj.li/ should have done this ^^
  • 0
    On a more serious note: If you are going to use the "make a story" argument, you can do that with your normal text passwords. Good luck breaking those with dictionary attacks.
  • 1
    Can you please post a number to your dealer? Apparently he has some neat stuff :D.
  • 0
    Good idea, that will technically lengthen the passwords. A problem I see is that users are just terrible at creating passwords so you would still have the "top 10 most used passwords" problem.

    Also, without giving it much thought, I wonder how well emoji passwords would fare in dictionary attacks
  • 0
    @MrJimmy WIN+;
  • 2
    @cursee They Egyptian did it /:
  • 5
    (I had to use paperclip because there isn't a unicode staple)
  • 3
    @AllanTaylor314 Huh, you're right. I though there was a red Swingline stapler, but I guess not?
  • 3
    My new password for everything 😜
Add Comment