Font-sensitive passwords

I thought I’d seen it all.  I mean, I’ve actually gotten the “cup holder” call about a CD-ROM drive before.  I really thought I’d heard every stupid question every idiot using a computer could ever have.  Until today, that is.  A friend of mine brought up an email he got at work that took the Stupid Prize away from me.  The email introduced me to the concept of font-sensitive passwords.

Wait, what?  Yes that’s right – evidently, according to the idiot on the other end of this email, an ‘a’ in Arial is a wholly different character from an ‘a’ in Calibri.  Or in Times New Roman.

Now, for those of you saying that this has some validity because they look different, I can understand where you’re coming from.  However, that’s just the appearance – the actual letter is known to the computer by an ASCII code, which basically means it’s “number 42”.  The computer doesn’t know that it looks any different – it just knows it as “number 42”.  So no, the ‘a’ in Arial is no different than the ‘a’ in Calibri.

So where di all this come from?  Well, let me paste the sanitized email that was shared with me, with permission of the aforementioned friend who shared it:

Hi StatsGuy,

I’ve discovered something odd about the login system for FileZilla:

My assigned user name and p/w were sent to me in an email by StudyGirl:

<username>

xxx’xxxxx

When I copy/paste the p/w from her original email into the FZ login, it works, but when I type it from my computer’s keyboard, it does not.

Unlike the reast of StudGiurl’s email (which was rendered in the Arial font), my user name and p/w were in the Calibri font in her email (presumably she copy/pasted those from an email from your database group).

Here is a copy/paste of that p/w:

xxx`xxxxx

You can see that the apostrophe looks quite different in the Calibri font than when rendered in the Arial font (or most other fonts). Indeed, when I copy/paste the Calibri p/w into the F/Z login, but replace the apostrophe with one generated by my keyboard, the p/w does not work.

Clearly, FZ p/ws are not only case-sensitive, they are also font-sensitive, which they should not be.  I’ve never heard of a font-sensitive p/w – that would be a very impractical thing to have.  I suggest that all FZ p/ws involve only letters and numbers – characters that could possibly be rendered differently by different computer systems should be eliminated.  Maybe this is a ‘Mac effect’ but FZ should be able to accept login from Macs just as wel from PCs.

It looks like I will have to have a different p/w assigned.  Can you please take care of that?

Thanks,

Guy that actually got through med school

Okay, so you’re telling me “well, a Mac might know it as a different number than a PC”, right?  Some of you probably are, except that’s not the case – otherwise, Macs and PCs wouldn’t be able to talk to each other at all.  The problem here is quite simple – if you look at the one character of the password that wasn’t x’ed out (sanitized), you’ll nitce a difference – a fairly important one.  What is the difference?  They are, in fact different characters – when you take a password that contains a backtick (back-quote) and replace that character with an apostrophe, you end up with a different (and in this case invalid) password.

That would be like saying “This computer should let me type a ‘c’ hen I really mean ‘t’!”  Umm, no…  you have to type the password CORRECTLY, dingus.

My friend, you win the contest.  I hope I’m never able to beat that story of stupidity.

Comments are closed.