Ask LH: Is A Non-English Password Safer?

Ask LH: Is A Non-English Password Safer?

Dear Lifehacker, I know it has been repeatedly recommended that one should never use common words as passwords — but is it OK to use foreign words? Perhaps not commonly spoken languages such as French or German, but not from languages such as perhaps Finnish or anglicised Chinese or Japanese? Thanks, Multilinguist

Dictionary picture from Shutterstock

Dear ML,

We wouldn’t recommend this approach for two simple reasons. The first is that if anyone is trying to guess your password with a brute force dictionary attack, they can just as easily get hold of a word list in Finnish or anglicised Japanese as in English. Brute force attacks aren’t especially common (since most password systems restrict the number of failed attempts), but in a scenario where they might matter, choosing a non-English language is no kind of protective barrier.

The second is that the best password isn’t any kind of word that’s easy to memorise — it’s a meaningless and hard to reproduce sequence which is only used for a single purpose. That’s annoying, but it remains the best way to stay secure, so use a password manager rather than relying on your knowledge of foreign languages, however comprehensive.


Got your own question you want to put to Lifehacker? Send it using our contact tab on the right.


  • Edit: Unlike lifehacker, I mark my edited posts 😉
    (The article has been modified since posting)

    “The first is that if anyone is trying to guess your password with a brute force dictionary attack”

    Brute.. force.. dictionary attack? So then what comes after the dictionary attack, a ‘regular’ bruteforce attack… ?

    And you are missing the point entirely. The point is to use non-english characters, which basically nothing created anywhere in most of the world except potentially some subversive asian hackers, hacking their own country instead of the rest of the world, are coded for as they use the latin character set.

    Not all sites allow for this as they quite often enforce ‘insufficient’ character encodings rather than a UTF based encoding.

    I still agree it’s not necessarily the best simply because it’s hard to manage, in many implementations relying on the using sites like (as an example) to type the characters. A difficult English password wouldn’t statistically speaking be as potentially strong (especially as one that mixed say mandarin AND latin characters), but in reality it can be realistically strong enough for any given purpose.

    • anglicised Chinese or Japanese

      The intention of this part of the question is unclear here, but I think OP is suggesting using anglicised characters as part of the password ie. not non-English characters… in which case you would be the one missing the point =P

      • They edited the post heh. They do it frequently to my frustration, and it doesn’t update the time the story was posted at or mark it as edited at all. Quite annoying and takes away the self satisfaction I get from correcting people on the internet.. How rude haha ^_^

  • Using foreign words is actually very good idea since how is the hacker to know what language you have chosen. Using two foreign words in a row is even better. dog + koer =dogkoer i dare any hacker to start mixing dictionarys

  • There are between 6000 and 7000 languages in the world. The vast majority of these do not have dictionaries. If you happen to know one of those, then I don’t see why you shouldn’t go ahead and use a common word from it.

    • For instance, Australian. Not ‘Official’ Australian, Australian. As documented by Nino Culotta. An example might be “Owyergoinmateorright?”, a word meaning “Hello”.

Show more comments

Log in to comment on this story!