Evaluating the Impact of Special Characters on Password Security: a Comparative Analysis

He, Daojing; Liu, Zhiyong; Chan, Sammy; Zhou, Beibei; Guizani, Mohsen

Item

Evaluating the Impact of Special Characters on Password Security: a Comparative Analysis

He, Daojing
;
Liu, Zhiyong
;
Chan, Sammy
;
Zhou, Beibei
;
Guizani, Mohsen

Author

He, Daojing
Liu, Zhiyong
Chan, Sammy
Zhou, Beibei
Guizani, Mohsen

Department

Machine Learning

Type

Journal article

Date

2025

Language

English

Collections

Publications

Show all metadata

Abstract

Text-based password authentication remains essential for identity verification on internet platforms and blockchain systems. However, as computational power advances, security threats to user passwords have intensified, raising concerns about their effectiveness. While special characters (i.e., non-alphanumeric symbols, which include punctuation marks, mathematical symbols, and other non-letter/number characters like '.', '@', '#', '$', and similar) are often recommended to enhance password strength, the National Institute of Standards and Technology (NIST) prioritizes length over complexity, challenging their necessity. This study fills a critical gap in understanding user behavior regarding special character usage. By analyzing 15 datasets from Chinese, English, and German languages, we examined patterns of special character incorporation and their impact on password strength. Our findings indicate that users frequently employ predictable methods for including special characters, potentially compromising security, especially under stringent policies. We present three key contributions: (1) an analysis of special character usage patterns, (2) a quantitative assessment of strength differences using the PCFGv4.1 model, and (3) actionable recommendations for stakeholders to enhance password security practices. This research further advocates for aligning password policies with user behavior for more effective security. © 1986-2012 IEEE.

Citation

D. He, Z. Liu, S. Chan, B. Zhou, and M. Guizani, “Evaluating the Impact of Special Characters on Password Security: a Comparative Analysis,” IEEE Netw, 2025, doi: 10.1109/MNET.2025.3540319.

Source

IEEE Network

Keywords

Internet security, NIST guidelines, password policies, password security, special characters

Publisher

IEEE

DOI

10.1109/MNET.2025.3540319

Additional links

https://ieeexplore.ieee.org/document/10879019

Evaluating the Impact of Special Characters on Password Security: a Comparative Analysis

He, Daojing
;
Liu, Zhiyong
;
Chan, Sammy
;
Zhou, Beibei
;
Guizani, Mohsen

Author

Supervisor

Department

Embargo End Date

Type

Date

License

Language

Collections

Research Projects

Organizational Units

Journal Issue

Abstract

Citation

Source

Conference

Keywords

Subjects

Source

Publisher

DOI

Additional links

Full-text link

Evaluating the Impact of Special Characters on Password Security: a Comparative Analysis

He, Daojing ; Liu, Zhiyong ; Chan, Sammy ; Zhou, Beibei ; Guizani, Mohsen

Author

Supervisor

Department

Embargo End Date

Type

Date

License

Language

Collections

Research Projects

Organizational Units

Journal Issue

Abstract

Citation

Source

Conference

Keywords

Subjects

Source

Publisher

DOI

Additional links

Full-text link

He, Daojing
;
Liu, Zhiyong
;
Chan, Sammy
;
Zhou, Beibei
;
Guizani, Mohsen