Unicode in Google passwords



  • I clicked on YouTube's Create Account link in the vain hope that they'd listened to the pleas and anger of people who wanted to retain independent accounts for the service. (Of course not.)

    Their password strength indicator doesn't quite work properly. I noticed that if you enter a password comprised of all the shifted numbers on a UK keyboard (!"£$%^&*()) it never gets past the status of "Password strength: Too short".

    It turns out that a password containing any Unicode character (such as "£") is considered to be too short. For example, enter "aaaaaaaa" – this minimum-length string gives you a "Weak" password. Now follow up by, for example, "á" – watch the indicator drop back down to "Too short".

    Firefox 7 and IE 8 both do this; Opera 10 (!) doesn't show the strength gauge at all.



  • Actually, it seems specific the "£" symbol. Both the "€" and "؇" (random Unicode character from character map), work fine...



  • Weird. I know á upsets it, as does °, but not € or • …

    The password is actually shipped off via AJAX for analysis on each keystroke, so we won't be able to easily determine where it's going wrong. I notice that the same page also contains an exhaustive list of misspellings of Hotmail and Yahoo domains.


  • Garbage Person

    @Daniel Beardsmore said:

    notice that the same page also contains an exhaustive list of misspellings of Hotmail and Yahoo domains.
    Does it include hotmale?



  • Sadly no, but it does include homail.com, and naturally rotmail.com and shotmail.com (I want to see the keyboards that would lend themselves to those kinds of mistakes).



  • @Daniel Beardsmore said:

    … rotmail.com and shotmail.com (I want to see the keyboards that would lend themselves to those kinds of mistakes).

    Well, there actually are such keybords; it’s called neo-layout and is something like Dvorak (common letter sequences are from pinkie to index finger, common letters in the centre, or such ergonomics stuff) but for German. However, Youtube only has gotmail.com, but not kotmail.com and notmail.com.



  • @m said:

    @Daniel Beardsmore said:

    … rotmail.com and shotmail.com (I want to see the keyboards that would lend themselves to those kinds of mistakes).

    Well, there actually are such keybords; it’s called neo-layout and is something like Dvorak (common letter sequences are from pinkie to index finger, common letters in the centre, or such ergonomics stuff) but for German. However, Youtube only has gotmail.com, but not kotmail.com and notmail.com.

    Someone needs to start a webmail service called nomail.com.



  • @Daniel Beardsmore said:

    Sadly no, but it does include homail.com, and naturally rotmail.com and shotmail.com (I want to see the keyboards that would lend themselves to those kinds of mistakes).
     

    I used to do hotmaio.

     



  • @Daniel Beardsmore said:

    it does include homail.com
    Hey, that's not a misspelling, that's where keep in touch with all my bitches!



  • @mallard said:

    Actually, it seems specific the "£" symbol. Both the "€" and "؇" (random Unicode character from character map), work fine...
     

    It's not a bug, it's a feature! What if some PHB told his secretary, "OK now, I'll be on vacation so you need to check my email... the password is hunter42£... that's hunter, like the guy who shot Bambi's mother, 42 like the answer to life the universe and everything, and then a pound sign!" And the secretary dutifully entered hunter42#, and couldn't log in, and missed some important email! So Google is doing these folks a favor by allowing only one kind of pound sign, so as to eliminate any ambiguity...


  • Discourse touched me in a no-no place

    @ekolis said:

    And the secretary dutifully entered hunter42#, and couldn't log in, and missed some important email!
    But that's a hash octothorpe number sign.



  • @PJH said:

    @ekolis said:
    And the secretary dutifully entered hunter42#, and couldn't log in, and missed some important email!
    But that's a hash octothorpe number sign.

    Haha! You've never tried to tell a layman to press the "number sign", only to have to explain "the pound symbol" because they didn't understand you? Lucky you!


  • Discourse touched me in a no-no place

    @dohpaz42 said:

    Haha! You've never tried to tell a layman to press the "number sign", only to have to explain "the pound symbol" because they didn't understand you? Lucky you!
    Nope. I'd usually tell them to press the hash key and they'd know exactly what I was talking about.



  • @ekolis said:

     

    ... What if some PHB told his secretary, "OK now, I'll be on holiday so you need to check my email... the password is hunter42£..

     

    FTFY



  • @PJH said:

    @dohpaz42 said:
    Haha! You've never tried to tell a layman to press the "number sign", only to have to explain "the pound symbol" because they didn't understand you? Lucky you!
    Nope. I'd usually tell them to press the hash key and they'd know exactly what I was talking about.

    Hashbrowns!

    But of course I'm always talking about hashbrowns...


  • ♿ (Parody)

    @orange_robot said:

    @ekolis said:
    ... What if some PHB told his secretary, "OK now, I'll be on holiday so you need to check my email... the password is hunter42£..

    FTFY

    A real Scrooge, eh? Doesn't let the secretaries even have holidays off?



  • @PJH said:

    @dohpaz42 said:
    Haha! You've never tried to tell a layman to press the "number sign", only to have to explain "the pound symbol" because they didn't understand you? Lucky you!
    Nope. I'd usually tell them to press the hash key and they'd know exactly what I was talking about.
     

    Unless they are perl programmers... then they go pressing the stupid % key...



  • Just refer to it as the Tic-Tac-Toe key.



  • TRWTF is assuming that the PHB's password is likely to be something like "hunter42£" rather than something like, say, "fred".


Log in to reply