← Back to context

Comment by bhaak

10 years ago

Such problems are the reason why I never use anything but ASCII letters as passwords (if the system doesn't enforce arbitrary password policies). I'd rather have a longer ASCII-only password than a shorter one I might not be able to input.

There's also the issue that often you are not sure what keyboard layout is current enabled and even such unsuspicious characters like ! or # are on completely different locations on different keyboard layouts (then there's the z-y swap on German derived keyboards and have you ever had a look at a French keyboard layout?).

You can never be sure if a system locks you out after failed attempts, so I want to be sure that there are as few error sources as possible.

6 comments

bhaak

Reply
ramses0  10 years ago

I got bit one time at work by setting a password as "$foo", instead of "foo$" or "fo$o" ... turns out the password-setting script was written in perl and Strange Things happened where only some systems got updated but not others.

Honestly, probably exploitable now that I'm thinking about it... I'll have to stop by the security group and give them something to chew on over the holidays.

  • realusername  10 years ago

    I had the same problem at the university with a password with '*' in it. It was actually some old bash script behind it which would update random things.

danieltillett  10 years ago

I got bit by this problem before. I wrote a one liner to avoid generating passwords where the keyboard might be an issue [1].

1. http://www.tillett.info/2013/05/29/letters-to-avoid-in-creat...

  • jbit  10 years ago

    As somebody who uses numerous keyboard layouts on a daily basis, this is an interesting idea!

    I wonder how hard it'd be to make a script where you specify which keyboard layouts you're likely to encounter and it finds the common symbols...

    Of course, if you specify dvorak it'd wreck everything :)

r3bl  10 years ago

> ... have you ever had a look at a French keyboard layout?

My favorite one is Russian. I understand Cyrillic characters, but their positions are just completely messed up.

  • csydas  10 years ago

    What don't you like about it? I'm slowly getting used to the layout as I learn Russian, and the position per letter frequency feels about right for me. That is, most of the time my slowness in typing in Russian is a result of poor vocabulary and having to think about word agreements rather than feeling like letters are out of the way.