I keep seeing these charts that say 8 characters password can be brute forced in about a second, with more security if you add number, symbol, special characters. As a bilingual, how come we don’t add other language characters? And won’t most sites block your attempt if you are Bruteforcing. Many sites already lock you out after ‘suspicious attempts’ or have 2fa. I can’t even sign into my own password manager on another device while traveling even if I wanted to.
In: 0
First, you almost never run into “live” brute force attacks, in that someone is trying to brute force a password on the actual server. Instead the password database is exfiltrated by some other means, and the attack is run on the database data, attempting to match passwords to their hashed values.
It’s not guaranteed that the backend running the authentication knows how to parse extended character sets. One website might support the Unicode character set, another might support plain ASCII, another might do ISO/IEC 8859. So using non-Latin characters isn’t a good general suggestion because websites might not know what to do with it.
Latest Answers