For the Sake of simplicity let’s keep this idea simple. Let’s assume that all our passwords are six characters long. Most firms recommend to users to use
lower and uppercase English letters as well as numbers 0-9 and special characters in their passwords. This means we can use 26 lower case letters and 26
upper case letters, 10 digits and 12 special characters. Thus a typical English speaking person’s password always contains a combination of these 74
characters.
Given a password length of 6 characters the permutation possibilities of a typical password comes to 74^6=164,206,490,176. You might say nearly 164 billion
combinations makes this password pretty secure and you would be correct. But the issue is many small firms do not have protections against a hacker trying
as many passwords as they want and with modern computers one can generate all those permutation possibilities of passwords in less than 10-30 seconds and
have the right password.
What if we had a chance to use all 256 characters that are supported in an ASCII charset? Then that six letter password would have far more combinations.
To be Exact if we had 256 characters to choose our 6 letter password from the permutation possibilities would come to 256^6=281,474,976,710,656. That
basically means if we used our full ASCII charset in passwords we would make our passwords 1,714 more secure (harder to guess). That’s 281 trillion
permutation possibilities at 256 characters vs 164 billion permutation possibilities for 74 characters.
Of course that’s not a realistic approach because many of ASCII characters are actually not printable characters. The second issue that comes to mind is
that there is no possible keyboard available that contains 256 keys on the keyboard (aside from on screen keyboards).
But what if we took this concept further by applying foreign language characters to our passwords. Again let’s assume the password is always 6 characters
long. Since Unicode Characters are 2 bytes (16 bits) and let’s assume the entire charset is available to be used in the password. That makes the
permutation possibilities for our passwords 65,536^6=79,228,162,514,264,337,593,543,950,336. This essentially would mean that a Unicode password is
281,474,976,710,656 times harder to guess than an ASCII charset. To summarize a 6 Character Unicode password is 281 trillion times harder to guess than an
ASCII passwords.
So why not use foreign languages in passwords then? The following reasons come to mind.
· Most people are only proficient in one language.
· Keyboards layouts in each country by default are preconfigured to language specific to that locale.
· Using third party computing devices (Phones, Tablets, and Computers) becomes more difficult because their default keyboard is likely to be different than
ours.
· Many Applications are designed to accept non-ASCII characters.
Note 1: The probability of how many combinations it takes to guess your password is actually quite complicated since people use words in their passwords
rather some random set of characters. Of course the probability changes for each person as well because there would be a preferred set of phrases for each
person.
Note 2: Even if people were to use foreign language characters in their passwords; they would use characters from one or two languages they are familiar
with not the entire charset. Thus the password would not be a considerably more secure than a typical ASCII character password.