03192015Thu
Last updateFri, 13 Mar 2015 5pm

Password conundrums & more

Regular readers of this column are well aware of my incessant reminders to use a cryptographically-strong password for your email account.  For years I have been urging, nay proselytizing, that everyone should use a password at least a dozen characters in length with a mix of upper and lower case, letters and numbers, with a few symbols thrown in.  Today is the day I am going to backtrack just a little bit on this recommendation because of an experience I recently had.

A new client called me because he was having trouble accessing his Yahoo email account.  He has a paid account in order to be able to use the Mac Mail software on his Apple computer as his preferred method of access.  He had found that he was able to access his email account by using a web browser, Firefox or Safari, but that the Mac Mail program failed to accept his password.  The password was something like “Harry+49” which is almost okay as it uses upper, lower, numbers and a symbol.  This password worked just fine when entered through a web browser and so we knew for an absolute certainty this password was correct, but it would not work with Mac Mail.  I was stymied and unable to come up with any explanation for this because the Mac appeared to be working perfectly, and the Mac Mail program also seemed perfectly okay.  I puzzled over this for more than a day before surfing past a web page containing some historical information on modem communications that appeared to be unrelated.

Thirty years ago when computers communicated via modem over phone lines we all had to use certain commands from the keyboard.  To switch from data mode to command mode a user would type a string of three plus signs (“+++”) known as an “escape sequence.”  This is the electronic equivalent of banging a gavel or tapping a glass with a fork to signal “Everyone stop and pay attention!”  I knew those old modem commands had nothing whatsoever to do with today’s email, yet something in the back of my mind made me wonder if it were somehow possible the Mac Mail program was mistakenly hearing the plus sign in that “Harry+49” password as a command and was stopping dead in its tracks.

I phoned and ran this idea past my client suggesting that he go on the web to Yahoo and change his password to leave out the plus sign.  A few minutes later I was pleased when he called me to announce “It worked!”  As of this writing we still do not know if this problem exists because it is a bug in Mac OS-X, Mac Mail, or Yahoo’s email server; but we have learned not to use certain “illegal” characters in passwords.  These prohibited characters probably include any character used as a computer control code in the past, as well as parenthesis, colon, slash, backslash and other symbols not appearing on a U.S. English keyboard.  Likewise, it is not possible to have an email address such as señThis email address is being protected from spambots. You need JavaScript enabled to view it. because the ñ is one of many letters not permitted to be part of an email address (only letters and numbers from the English character set are used).

What I have learned from this is that in choosing a password to use online it might be best to avoid using such creations as “¡$eñŏr1Ψa!” and stick with standard alpha-numeric characters found on an English keyboard.  Even if an email system will allow you to create and save such a password, it is clear there will be cases where programmers did not write their software to allow for some special characters to be used.  Even worse is the situation my client encountered in which the password worked with one software program (Firefox) but the exact same password did not work with Mac Mail.

Charles Miller is a freelance computer consultant with more than 20 years IT experience and a Texan with a lifetime love for Mexico.  The opinions expressed are his own.  He may be contacted through his web site at SMAguru.com.