Should You Use Emojis in Your Passwords?

World Emoji Day is a celebration of modern communication. In 2020, emojis are everywhere: politicians misuse them on Twitter, while clickbait articles obsess over their hidden meanings (What does the peach emoji really mean?). Emojis have even been the stars of a full-length animated movie.

One place where you don’t want to see an emoji is your password. The possibility of signing into Facebook using a string of cartoon monkey faces has caused some excitement online recently, but it’s not advisable.

So, can you use emojis in your passwords? Yes, sometimes. But should you do it? It's a thumbs-down emoji from us.

Why is it a bad idea to use emojis in passwords?

As emojis have become ingrained in online language, it only makes sense to start incorporating them in our passwords. After all, emoticons — emoji’s predecessor — are just combinations of symbols and characters we’re already allowed to use in login credentials. The grinning :D or winking ;) wouldn't look out of place in a password.

Sadly, there are several good reasons you shouldn't set your online banking password as a string of eggplant emojis.

  • It’s an easy way to get locked out. Just because you can create a password with emojis doesn't mean you'll be able to use it. Most phones and tablets automatically come with a library of emojis, but this isn't true for desktop computers. Many login interfaces won't include an emoji keyboard, so unless you're only using your phone, you could lock yourself out of your accounts.

  • Cross-platforming has a long way to go. Different operating systems won’t always represent emojis the same way. There’s no guarantee that an emoji which works perfectly on your iPhone will be recognized when you try to log in to the same account on Windows. Until emojis are standardized, cross-platforming will always be a potential hazard.

  • Emoji-based passwords are less likely to be random. A great password is a randomized one. Unfortunately, the accessibility of emojis near the front of your device's library will tempt many users to rely on them too heavily. Since certain emojis are more “popular” than others, hackers will know which ones to target first when trying to crack your password.

  • Emojis don’t protect against brute force attacks. The software behind brute force attack is becoming increasingly sophisticated. Sifting through a library of common emojis and likely combinations will take milliseconds.

What is a brute force attack?

Brute force attacks are a common way to crack passwords and gain access to private data. This method relies on a rapid-fire, trial-and-error process, using algorithms to guess thousands of potential password combinations in a second.

It’s a relatively simple process, but internet users’ tendency to use predictable, non-randomized passwords make it all the more effective.

Sadly, mixing emojis into your login credentials won’t reduce the risks of becoming a victim of a brute force attack.

4 steps to improving password security (without using emojis)

Adding a few padlock emojis to your password won’t make it stronger, but here are four steps you can take today to ensure that your data stays private and secure.

  • Use long, complex passwords. The key to a strong password is length and complexity. If you’re building a password (without using emojis), make sure it’s long and includes a range of numbers, symbols, and upper as well as lower-case letters.

  • Avoid recognizable words and patterns. Brute-forcing software usually relies on an algorithm that runs through common words and combinations. With this in mind, avoid using recognizable words, names, dates, and numerical sequences. Randomization is essential.

  • Use different passwords for different accounts. If one password gets cracked, the last thing you want is for the hack to spread across all your accounts. Ensure that every profile you use, from social media sites to online banking, has different login credentials.

  • Use a password manager. To combine all the essential elements of password security, get a password manager. These tools allow you to generate complex passwords, auto-fill login forms, and maintain cross-platform data security.

NordPass: the stress-free way to stay secure

Among password managers, NordPass sets a high bar. The service generates randomized passwords for all your accounts and can even store payment card details for later use.

Your passwords stay protected inside an encrypted online vault, where even NordPass employees can't access them. NordPass can auto-fill forms and login interfaces on your behalf, so you don’t need to remember your own passwords.

Emojis are fun. Hacked passwords are not. This World Emoji Day, let NordPass handle your security.

Monica Webster
Verified author
Monica is the spirit of our content team. Her bubbliness and creativity sparkle her articles. She loves to investigate various security related problems and bring useful tips to readers. When she is not writing about technology, she explores art.
Subscribe to NordPass news