Literally any character could be part of a password. There is no technical reason one can’t, just implementation limitations.
That said, there’s some obvious ones you wouldn’t want to use, like backspace, delete, carriage return, line feed, tab, etc. Pretty much any control character likely to be consumed by the interface rather than entered as part of the password, yeah?
And characters not on a keyboard are also probably a poor choice because you’re dependent on interface for being able to enter those characters.
Characters that should probably work but might not be allowed:
* ‘ and ” because it’s used in programming to indicate string literals, etc.
* because it’s often used to mean “the next character is literal”
* ` because it’s used to shell out in a lot of languages
* % because it’s a wildcard in SQL
* $ because it often indicates a variable name or a field delimiter
* leading or trailing spaces
All those are fixable by sanitizing inputs, but some may just disallow them as well.
Latest Answers