4

It seems like acceptance of special character by a website depends on (1) Framework
(2) Additional policies enforced by an admin

For instance,

@%+\/'!#$^?:.(){}[]~ Supported by Oracle id connection

~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/ Supported by MS Active directory

Note that | works for MS, but not Oracle. I realize that admin can enforce anything and an esoteric framework or zealous admin can restrict any character, but which chars are commonly accepted?

What is the subset, generally accepted by most services?

I read similar questions:
ftp: special characters in password
Special characters in ssmtp password

Those deal with special situations.

DavidPostill
  • 153,128
  • 77
  • 353
  • 394
Stepan
  • 284
  • 3
  • 10
  • The best guideline I have is to use those special chars a lot in long passwords and to complain if they do not work.It seems the only way to change the behavoiour. (e.g. when sites from Dell, VISa and VMware fail to accept many passwords without specifying this, or even sometimes stop after an *upgrade* of their systems.) – Hennes Apr 08 '17 at 17:22
  • well, for the most part it comes down to how your software stack handles input validation/sanitization. applications that safely encode input dont usually enforce character limitations, but those that do not will filter out characters that have exploitable meaning in their software stack, so for instance in web, markup and javascript delimiters like `<>{};`, or in SQL, stuff like `--;,`. Oracle probably restricts | because its hard to distinguish from lowercase L when printed. – Frank Thomas Apr 08 '17 at 17:27
  • This question is much too broad to be answered. “Generally accepted by most services” simply cannot be answered reasonably, without actually surveying such services, however you'd define them… the 100 top visited websites? The biggest companies? The most commonly used software frameworks? … What is the *actual* problem you are trying to solve here? – slhck Apr 08 '17 at 18:37
  • Seems like !@#._ are generally accepted. Have you seen forbidding policies on those? – Stepan Apr 08 '17 at 18:45
  • there isn't a common list, which passwords are accepted is up to the individual, creating the account authentication system – Ramhound Apr 08 '17 at 18:55
  • All those special characters used to be acceptable. But then it was decided that strings of punctuation symbols looked like representations of obscenities in cartoons and they were outlawed for political correctness so the computer would not be offended. :-) – fixer1234 Apr 08 '17 at 19:03
  • “I read similar questions:” No you haven’t. The two questions you refer to—[this one](https://superuser.com/questions/486314/ftp-special-characters-in-password) and [this other one](https://superuser.com/questions/431539/special-characters-in-ssmtp-password)— discuss issues in using special characters in passwords and software that *might* choke on those characters. They do not in anyway discuss the acceptability of any particular group of characters in a password. – Giacomo1968 Apr 08 '17 at 20:23
  • @JakeGould - *Yes I have*. I read similar questions, but they aren't really relevant. I added links to show that I googled this topic first. All I am saying - "please, don't mark this question as a duplicate of something similar but actually irrelevant". --- And indeed, they didn't mark it as a duplicate. Instead they put it on hold. – Stepan Apr 09 '17 at 03:07

0 Answers0