6

For English we have some good practices when we want to create a password, like adding numbers, symbols and capital letters. As a result we have passwords like this: P@ssW0rd. Is there any rule like this for creating a password in Japanese?

3 Answers

8

Note that this is no longer the suggested way to create strong passwords. It tends to be counterproductive, and in fact your particular example has good odds of being cracked quickly if someone were to attempt to brute-force it. Here is a breakdown:

XKCD #936: Short complex password, or long dictionary passphrase?

Password length is more important than password complexity, and the language doesn't particularly matter. Regardless of language the total amount of "randomness" is what protects a password from bruteforce. Whether you are using English letters or Asian characters, the more the better.

Conor Mancone
  • 1
    Perhaps a summary of the new NIST rules https://www.passwordping.com/surprising-new-password-guidelines-nist/ and the NIST rules themselves https://pages.nist.gov/800-63-3/sp800-63b.html would be appropriate for this post. RPM is great, but he's not the authority that NIST is. – Monica Apologists Get Out Sep 27 '18 at 16:40
2

This is on Stack Overflow. Simple rules when applying internationalization to an app.

  1. Do not limit or require a-z and 0-9.
  2. Passwords should be in the coding scheme of UTF-8 not ASCII.
    • Side Note: UTF-8 is backwards compatible with ASCII because the first 128-bits represent the ASCII character set.
  3. Make sure you set the meta tag of the website or whatever app to UTF-8.
  4. Always hash passwords using current NIST approved hashing algorithms. sodium cryptography library includes argon2, argon2i, argon2d
  5. Apply an appropriate length. We cannot assume a password of a specific length in the U.S. will be the same in, say, Vietnamese. Therefore a length of 10 characters in the U.S. might actually be 6 characters in the Vietnamese language because of some extra bits that are needed to produce the diacritical marks.
  6. Etc etc best practices when storing password hashes into your databases

This post might help; it's for Chinese characters, but Japanese has kanji, which use the same characters for some of their ideas/words. https://stackoverflow.com/a/1037486/10223458

Nathan
  • 3
    SHA2 and SHA3 are not suitable for hashing passwords. Use bcrypt, scrypt, argon2, or pbkdf2. – Sjoerd Sep 27 '18 at 14:28
  • I believe the OP was asking how to generate a secure password for himself, while you are answering how to manage passwords as a web application developer. – Conor Mancone Sep 27 '18 at 14:38
  • @Sjoerd Good catch, I had forgotten that. I will update my answer – Nathan Sep 27 '18 at 14:42
  • 1
    @Conor points 1, 2, 3, & 5 touch on the OP’s questions. Only points 4 & 6 touch on password management. – Nathan Sep 27 '18 at 14:47
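
As an added example (not part of the answer above or its comments), here is a Python sketch of points 2, 4 and 5 of that answer: it normalizes a Japanese passphrase, counts its length in code points versus UTF-8 bytes, and hashes it with a password hashing function. It assumes NFKC normalization before hashing and uses scrypt from the standard library in place of argon2, which needs a third-party package; the policy constant, cost parameters and sample passphrase are constructed for illustration.

```python
import hashlib
import hmac
import os
import unicodedata

# Assumed values for this example; tune the scrypt cost for your own hardware.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1
MIN_CODE_POINTS = 8  # assumed policy: minimum length counted in code points


def normalize(password):
    """NFKC-normalize so different IME/keyboard encodings of the same text match."""
    return unicodedata.normalize("NFKC", password)


def lengths(password):
    """Return (code points, UTF-8 bytes) of the normalized password."""
    norm = normalize(password)
    return len(norm), len(norm.encode("utf-8"))


def hash_password(password, salt=b""):
    """Return (salt, digest): scrypt over the normalized, UTF-8 encoded password."""
    norm = normalize(password)
    if len(norm) < MIN_CODE_POINTS:  # count characters, never bytes
        raise ValueError("password too short")
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(norm.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return salt, digest


def verify_password(password, salt, expected):
    """Constant-time comparison of the recomputed digest with the stored one."""
    try:
        _, digest = hash_password(password, salt)
    except ValueError:
        return False
    return hmac.compare_digest(digest, expected)


# Constructed sample: one passphrase as two different code point sequences.
COMPOSED = "がんばって東京タワー"  # precomposed kana, full-width katakana
# Same text with combining dakuten (U+3099) and half-width katakana (U+FF80...).
DECOMPOSED = "か\u3099んは\u3099って東京\uff80\uff9c\uff70"

if __name__ == "__main__":
    print(lengths(COMPOSED))   # 10 code points, 30 UTF-8 bytes
    salt, stored = hash_password(COMPOSED)
    print(verify_password(DECOMPOSED, salt, stored))
```

Without the normalization step the two inputs would hash differently, so a user could be locked out after switching device or input method.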
1

What you describe is not actually good practice for English passwords. Such trivial substitutions are easily overcome by an attacker. A better practice is using Diceware, randomly selecting several words.

This could work even better in Japanese and other Asian scripts which can represent entire words in only one or two characters. English Diceware has the problem that many websites restrict the password length to be too short for a good Diceware passphrase. Asian scripts will not have this problem (although they may have the problem of password entry forms only accepting Latin scripts).

Ben