NanoToolkit Blog

The Way to Keep in Touch.

What if we used foreign language passwords?

For the sake of simplicity, let’s assume that all our passwords are six characters long. Most firms recommend that users combine lowercase and uppercase English letters, the digits 0-9, and special characters in their passwords. This means we can use 26 lowercase letters, 26 uppercase letters, 10 digits and 12 special characters. Thus a typical English-speaking person’s password is always a combination of these 74 characters.

Given a password length of 6 characters, the number of possible permutations for a typical password comes to 74^6 = 164,206,490,176. You might say that nearly 164 billion combinations makes this password pretty secure, and you would be correct. The issue is that many small firms have no protection against a hacker trying as many passwords as they want, and with modern computers one can generate all of those password permutations in less than 10-30 seconds and have the right password.

What if we could use all 256 characters that are supported in an ASCII charset? Then that six-letter password would have far more combinations. To be exact, with 256 characters to choose from, the number of possible permutations for our 6-letter password would come to 256^6 = 281,474,976,710,656. That means that if we used the full ASCII charset in passwords, we would make our passwords 1,714 times more secure (harder to guess). That’s 281 trillion possible permutations at 256 characters vs. 164 billion at 74 characters.

Of course, that’s not a realistic approach, because many ASCII characters are not printable. The second issue that comes to mind is that no available keyboard has 256 keys (aside from on-screen keyboards).

But what if we took this concept further by applying foreign-language characters to our passwords? Again, let’s assume the password is always 6 characters long. Since Unicode characters are 2 bytes (16 bits), let’s also assume the entire charset is available for use in the password. That makes the number of possible permutations for our passwords 65,536^6 = 79,228,162,514,264,337,593,543,950,336. This would mean that a Unicode password is 281,474,976,710,656 times harder to guess than one drawn from the ASCII charset. To summarize, a 6-character Unicode password is 281 trillion times harder to guess than an ASCII password.

So why not use foreign languages in passwords then? The following reasons come to mind.

· Most people are only proficient in one language.

· Keyboard layouts in each country are preconfigured by default for the language specific to that locale.

· Using third-party computing devices (phones, tablets, and computers) becomes more difficult because their default keyboard is likely to be different from ours.

· Many applications are not designed to accept non-ASCII characters.

Note 1: The number of guesses it actually takes to find your password is quite complicated to estimate, since people use words in their passwords rather than some random set of characters. Of course, the probability changes for each person as well, because each person has a preferred set of phrases.

Note 2: Even if people were to use foreign-language characters in their passwords, they would use characters from the one or two languages they are familiar with, not the entire charset. Thus the password would not be considerably more secure than a typical ASCII character password.
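
The arithmetic above and the caveat in Note 2, as an added example that is not part of the original post: it reproduces the three keyspace figures and then estimates the alphabet a password really draws from, counting only the character pools it uses. Assumptions: the 74-character pool sizes come from the article, a character's script is approximated by the first word of its Unicode name, and the sample passwords are constructed.

```python
import math
import unicodedata
from functools import lru_cache

# Pool sizes as counted in the article: 26 + 26 + 10 + 12 = 74.
ASCII_POOLS = {"lower": 26, "upper": 26, "digit": 10, "special": 12}

def keyspace(alphabet_size, length=6):
    """Number of candidate passwords of the given length."""
    return alphabet_size ** length

def bits(alphabet_size, length=6):
    """The same quantity as bits of entropy for a truly random password."""
    return length * math.log2(alphabet_size)

def script_of(ch):
    # Assumption: the first word of the Unicode name ("CYRILLIC", "GREEK",
    # "CJK", ...) is a good enough stand-in for the character's script.
    return unicodedata.name(ch, "UNKNOWN").split()[0]

@lru_cache(maxsize=None)
def script_size(script):
    """Count the non-ASCII letters of one script in the 16-bit range."""
    return sum(1 for cp in range(0x80, 0x10000)
               if unicodedata.category(chr(cp)).startswith("L")
               and script_of(chr(cp)) == script)

def effective_alphabet(password):
    """Alphabet size when only the pools the user draws from are counted."""
    pools, scripts = set(), set()
    for ch in password:
        if not ch.isascii():
            scripts.add(script_of(ch))
        elif ch.islower():
            pools.add("lower")
        elif ch.isupper():
            pools.add("upper")
        elif ch.isdigit():
            pools.add("digit")
        else:
            pools.add("special")
    return sum(ASCII_POOLS[p] for p in pools) + sum(map(script_size, scripts))

if __name__ == "__main__":
    for label, n in (("74 chars", 74), ("256 chars", 256), ("65,536 chars", 65536)):
        print(f"{label:>13}: {keyspace(n):,} ({bits(n):.1f} bits)")
    for pw in ("Pa5$ab", "Pa5$ПЖ"):  # constructed sample passwords
        n = effective_alphabet(pw)
        print(f"{pw}: alphabet {n}, {bits(n):.1f} bits vs {bits(65536):.0f} assumed")
```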