Skip to main content
Information Security

You are not logged in. Your edit will be placed in a queue until it is peer reviewed.

We welcome edits that make the post easier to understand and more valuable for readers. Because community members review edits, please try to make the post substantially better than how you found it, for example, by fixing grammar or adding additional resources and hyperlinks.

30
  • 89
    Allowing symbols is passwords does increase the search space for passwords and makes them more secure, there's really no reason to disallow them.They may be using the passwords internally and thus need to sanitize them of symbols? But that would indicate other things that you should be worried about such as storing your password in it's plaintext form in a database.
    – sethmlarson
    Commented Jan 26, 2016 at 19:03
  • 9
    Nitpicking your math: typically passwords are case sensitive, so only allowing letters and numbers would have 62^8 combinations instead of 36^8.
    – TTT
    Commented Jan 26, 2016 at 19:59
  • 13
    It's a mistake to think leaving symbols in the character set magically adds security. If you want to increase defenses against brute force password cracking, you are much better off by increasing the minimum password length to 12 or more characters, and by requiring increased complexity including requiring all three types of upper and lower case characters and digits.
    – John Deters
    Commented Jan 26, 2016 at 20:50
  • 12
    Because they're wrong.
    – DJMcMayhem
    Commented Jan 27, 2016 at 1:59
  • 6
    Because one of the them is called Little Bobby Tables and they have learnt their lesson: xkcd.com/327
    – Matt Wilko
    Commented Jan 27, 2016 at 10:11