global password strategies

Fri Apr 8 07:46:41 CDT 2022

I doubt a 64 character Hebrew passphrase is easy to hack. Certainly it would not be included in the several million common passwords database that hackers use.

Mixed directionality could possibly be a problem, depending on how the application handles text. And many applications do allow one to optionally display the password they typed.

Best Regards,

Jonathan Rosenne

-----Original Message-----
From: Unicode <unicode-bounces at corp.unicode.org> On Behalf Of Dominikus Dittes Scherkl via Unicode
Sent: Friday, April 8, 2022 3:24 PM
To: unicode at corp.unicode.org
Cc: Dominikus Dittes Scherkl <lyratelle at gmx.de>
Subject: Re: global password strategies

Am 08.04.22 um 07:57 schrieb Jonathan Rosenne via Unicode:
> Personally, I use Hebrew passwords in systems that allow it. Since my 
> passwords are all Hebrew I don’t have directionality concerns.

I won't disclose what scripts I use in my passwords, as that would reduce the security level - I well could only use digits then, which nobody would consider a good idea.
In fact, I would recommend to use characters from different scripts in a password.
But directionality should be no problem at all, as I remember which keys to press in which order. It's not displayed, so why should I care?

But I hope that whatever processing is done to the password to come to its hashed value, it should be always the very same processing, so that the same character sequence will result in the same hash on any device.

--
                                          Dominikus Dittes Scherkl