Comment by kevinmchugh
6 years ago
Special characters in passwords were highly recommended when rainbow tables were an effective way to attack password hashes. See this old Coding Horror blog post for an idea of what it was like at the time: https://blog.codinghorror.com/rainbow-hash-cracking/
Salted hashes have made rainbow tables less effective. Password managers have made single-use passwords more tenable.
Not knowing how a system will store my password, I still prefer to include special characters where available. Anecdotally, I tend to see the systems that are most averse to special characters are also strict about character limits, so simply increasing password length is not possible.
Password managers are the new go-to for obtaining all passwords, and web browser zero-days make it very easy to lift and then use for a variety of purposes. A simple lined small notebook is good, but made secure is best, yet how would you make a pwd notebook secure from someone else? This even applies to devices like bank cards and other things which need a security code of sorts.
Keep your password manager offline with Keepass2 USB keyboard plugin for Keepass2Android [1], but I'm not sure how well it works. Too-fast USB keyboard input does seem to have issues (the open issue seems similar to things I've seen an AlphaSmart 2000/3000 do in USB emulation mode; PS/2 always worked fine).
There's also this other project, which seems more generic/difficult [2]
1: https://github.com/whs/K2AUSBKeyboard
2: https://github.com/pelya/android-keyboard-gadget
Make the passwords one character longer than what is noted in the book? Only you know the character and where it is added.
For bank cards with fixed lengths, increment/decrement the nth character, swap two characters, or do a circular shift.
Or an arbitrary number of characters. If you know the additional six alphanumeric characters added, that's another 14 million combinations to test.
Or 2FA, or ....
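The first comment's point that salted hashes blunt precomputed tables, as an added example that is not part of the thread. A plain hash-to-password lookup table stands in for a rainbow table here (a real rainbow table stores hash/reduce chains to save space, but a per-user salt defeats both for the same reason). The wordlist, user names, passwords, and the choice of SHA-256 and PBKDF2 are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny wordlist standing in for an attacker's precomputed input.
CANDIDATES = ["password", "letmein", "hunter2", "P@ssw0rd!", "correct horse"]

def unsalted_hash(password: str) -> str:
    """Weak storage: one fast hash, identical for every user with this password."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password: str, salt: bytes, iterations: int = 100_000) -> str:
    """Stronger storage: per-user random salt plus a slow key-derivation function."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()

def build_table(candidates):
    """Precompute hash -> password once; reusable against any unsalted dump."""
    return {unsalted_hash(p): p for p in candidates}

def lookup(table, stored_hashes):
    """Passwords recovered by table lookup alone, with no per-user work."""
    return {user: table[h] for user, h in stored_hashes.items() if h in table}

def verify(password: str, salt: bytes, stored: str) -> bool:
    """Server-side check: recompute with the stored salt, compare in constant time."""
    return hmac.compare_digest(salted_hash(password, salt), stored)

def demo():
    # Constructed accounts; alice and carol share a password on purpose.
    users = {"alice": "hunter2", "bob": "P@ssw0rd!", "carol": "hunter2"}
    table = build_table(CANDIDATES)
    unsalted_db = {u: unsalted_hash(p) for u, p in users.items()}
    salts = {u: os.urandom(16) for u in users}
    salted_db = {u: salted_hash(p, salts[u]) for u, p in users.items()}
    return {
        "unsalted_hits": lookup(table, unsalted_db),  # every account falls to one table
        "salted_hits": lookup(table, salted_db),      # the same table matches nothing
        "shared_hash_unsalted": unsalted_db["alice"] == unsalted_db["carol"],
        "shared_hash_salted": salted_db["alice"] == salted_db["carol"],
        "login_still_works": verify("hunter2", salts["alice"], salted_db["alice"]),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The salt only removes the reuse of precomputed work; a password that is in the wordlist can still be found by hashing candidates against one account's salt, which is why the slow derivation function and password length still matter.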