Reminder to anyone generating random strings to use as passwords : please refrain from using anything else than alphanumeric characters.

If you want more entropy, just make it longer.

Why ?
https://abs.twimg.com/emoji/v2/... draggable="false" alt="👇" title="Down pointing backhand index" aria-label="Emoji: Down pointing backhand index">
Adding special characters does not bring any extra security compared to making the string longer.

It however brings new categories of problems : escaping special characters in config files / storage medium / transmission medium.
This can happen in very unexpected shapes.

* A crappy rescue web terminal where you can& #39;t type your emergency root password
* A yaml config file
* A physical serial console
* Dictating it over the phone
* Typing it on a keyboard layout other than yours
This thread only affects passwords that won& #39;t need to be remembered.
For example, service account passwords, or passwords stored in your password manager.

User-rememberable passwords are an entirely different story, cf https://xkcd.com/936/ ">https://xkcd.com/936/"...
You can follow @toadjaune_.
Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.

Latest Threads Unrolled: