Reminder to anyone generating random strings to use as passwords: please refrain from using anything other than alphanumeric characters.

If you want more entropy, just make it longer.

Why?
👇
Adding special characters does not bring any extra security compared to making the string longer.

It does, however, bring new categories of problems: escaping special characters in config files, storage media and transmission media.
These problems can show up in very unexpected forms:

* A crappy rescue web terminal where you can't type your emergency root password
* A yaml config file
* A physical serial console
* Dictating it over the phone
* Typing it on a keyboard layout other than yours

This thread only applies to passwords that won't need to be remembered.
For example, service account passwords, or passwords stored in your password manager.

User-rememberable passwords are an entirely different story, cf https://xkcd.com/936/ 
You can follow @toadjaune_.
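
The trade-off described in the thread, as an added example that is not part of the original thread: it computes how many alphanumeric characters match the entropy of a password drawn from all 94 printable ASCII symbols, generates one with a CSPRNG, and uses POSIX shell quoting as one stand-in for the escaping problems listed. All function names are illustrative.

```python
import math
import secrets
import shlex
import string

ALNUM = string.ascii_letters + string.digits   # 62 symbols
PRINTABLE = ALNUM + string.punctuation         # 94 symbols, includes specials


def bits_per_char(alphabet: str) -> float:
    """Entropy per character when each symbol is picked uniformly at random."""
    return math.log2(len(set(alphabet)))


def length_for_bits(target_bits: float, alphabet: str = ALNUM) -> int:
    """Smallest length whose total entropy is at least target_bits."""
    return math.ceil(target_bits / bits_per_char(alphabet))


def alnum_equivalent(length: int, alphabet: str = PRINTABLE) -> int:
    """Alphanumeric length needed to match a `length`-char password over `alphabet`."""
    return length_for_bits(length * bits_per_char(alphabet), ALNUM)


def generate(target_bits: float = 128) -> str:
    """Random alphanumeric password with at least target_bits of entropy."""
    n = length_for_bits(target_bits)
    return "".join(secrets.choice(ALNUM) for _ in range(n))


def needs_escaping(password: str) -> bool:
    """True if a POSIX shell would need this string quoted (one escaping context of many)."""
    return shlex.quote(password) != password


if __name__ == "__main__":
    print(f"alphanumeric: {bits_per_char(ALNUM):.2f} bits/char")
    print(f"with specials: {bits_per_char(PRINTABLE):.2f} bits/char")
    for n in (12, 16, 20, 32):
        print(f"{n} chars with specials ~ {alnum_equivalent(n)} alphanumeric chars")
    pw = generate(128)
    print(pw, "needs escaping:", needs_escaping(pw))
    sample = "a$b'c"  # constructed sample containing special characters
    print(sample, "needs escaping:", needs_escaping(sample))
```

A 16-character password using the full printable set is matched by 18 alphanumeric characters, so the cost of dropping special characters is roughly one extra character per ten.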