• abhibeckert@lemmy.world
      link
      fedilink
      English
      arrow-up
      51
      ·
      edit-2
      1 year ago

      The website should feed your password straight into a well known hashing algorithm or key derivation function that has undergone a decade or more of careful scrutiny, without any other processing. The output will usually be a fixed length base64 or hex string.

      There’s a short list of about three options that are currently considered acceptable, and a few more are probably fine but are a little too easy to crack these days (e.g. anything that shares the same math as bitcoin… what if someone throws a mining datacentre at your password?)

      If the site breaks, maybe you don’t to be a customer of that service.

      • Vilian@lemmy.ca
        link
        fedilink
        English
        arrow-up
        8
        ·
        1 year ago

        make one account with emoji password to test their system, if it break, good, go create hour account somewhere else

      • lemmyvore@feddit.nl
        link
        fedilink
        English
        arrow-up
        7
        ·
        1 year ago

        It’s not the processing on the server that’s the problem. To reach the server the password needs to go through several layers of character encoding, if any of them fails the server will receive something different from what you meant. And when you try to login from another device and the layers will be different you’ll effectively be sending a different password.

        • ricecake@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          4
          ·
          1 year ago

          The same character encoding that would break emoji would break a significant portion of the words names, so if your system can’t handle it, then you deserve all the trouble that you run into.

          Unicode isn’t that hard.

          • Dark Arc@social.packetloss.gg
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            You’re not wrong, but some systems, especially smaller ones are intended for English-only situations (or originally were) so non-English language situations might not be as well tested and/or may cause things to break.

            Remember there are some sites that still refuse service if you put a " in your password. I’m not saying it’s right, but it’s a definite possibility.

          • Dark Arc@social.packetloss.gg
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            That is very much not a 90s problem. Especially if the company has a website and an app or is a small company not thinking about these things.

            In theory this shouldn’t be an issue but it definitely could be an issue on certain services.

    • Arin@kbin.social
      link
      fedilink
      arrow-up
      27
      ·
      edit-2
      1 year ago

      auth servers breaking from emojis would be hilarious, pretty sure that’s why older auth servers only allow certain symbols in passwords

    • Kusimulkku@lemm.ee
      link
      fedilink
      English
      arrow-up
      15
      ·
      1 year ago

      If some auth server breaks because I put emojis in my password then that’s right and deserved

    • 50gp@kbin.social
      link
      fedilink
      arrow-up
      6
      ·
      edit-2
      1 year ago

      and there are many trash implementations that dont recognise something like :emoticon: as shortcut and turn it into emoji, no no you have to use emoji keyboard to type them

    • lolcatnip@reddthat.com
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      OTOH, there is only one character set that matters, and any system using a different one is, by that fact alone, broken.

      • Funwayguy@lemmy.world
        link
        fedilink
        English
        arrow-up
        24
        ·
        1 year ago

        Hahaha, I wish.

        You would be amazed at how ancient and poorly maintained many web servers are on the modern internet. SQL injection still consistently make the top 3 web app vulnerabilities as of 2021. If that isn’t being sanitized properly I don’t expect emojis would be handled much better.

      • jordanlund@lemmy.world
        link
        fedilink
        English
        arrow-up
        7
        ·
        edit-2
        1 year ago

        For that particular bug, yes, but there have been many other variations on that theme and not limited to Apple tech. I’ve seen it nuke an email send for example because the SMTP server choked on emojis placed in a subject, to, or from line.