1. Home
  2. Forums Index
  3. Local / Foo 4:17 pm May 5, 2026

Forum Moderators: open

Message Too Old, No Replies

Remember the comma

         

Sgt_Kickaxe

4:21 pm on Oct 8, 2022 (gmt 0)



Including a comma in your password has the fun side effect of breaking the password when someone dumps your credentials into a .csv file.

phranque

5:43 am on Oct 9, 2022 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



not really an issue for most.
Fields containing line breaks (CRLF), double quotes, and commas should be enclosed in double-quotes.

source: RFC 4180: Common Format and MIME Type for Comma-Separated Values (CSV) Files [rfc-editor.org]

tangor

10:00 am on Oct 9, 2022 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I'm with phranque ... Treated as a text field, which can include embedded commas.

Sgt_Kickaxe

1:01 am on Oct 10, 2022 (gmt 0)



I'm with phranque ... Treated as a text field, which can include embedded commas.
In your datase, sure, but not on a script kiddies stolen file.

When you open a .csv file in OppenOffice (free, which script kiddies love) and it asks for tab or comma delimitation, and their file is set to tabs (default), the comma entries break and split anything after a comma into a new column.

In a stolen .csv list of hundreds of thousands of passwords yours might break into multiple columns and not work in their automated "scripts" trying to use them.

This isn't meant to protect your pass on any site, it's meant to be just another headache for a script kiddie. A bigger headache is reputable companies not telling their customers they've been compromised for weeks and months.

tangor

1:45 am on Oct 10, 2022 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Heh, not sure what you mean. A .csv file is already formatted. I will grant that the different between tab and comma is significant, but that will would not obfuscate the password with a comma, just add one more field (improperly formatted) and easy to resolve. Even script kiddies who take the path of least resistance can solve that one.

Still, inserting punctuation in a password is a good idea, and often overlooked by users.

I have a fondness for acceptable punctuation and other marks in my passwords. :)

Sgt_Kickaxe

3:17 am on Oct 10, 2022 (gmt 0)



Script kiddies buying bulk password lists for $5 aren't typicaly going to spend 2 seconds adding or fixing any single entry, that's what I meant. It's "might not help but can't hurt" advice.

Note: This isn't new advice, just new here. I'm not taking credit. I remember it being discussed elsewhere a year ago but forget where. Someone was trying to export their LastPass vault to csv and became frustrated that a single comma in any entry broke the row. Sometimes even devs forget to use a real csv library when they offer a legit download option.

A few thought "well this is a problem you might actually want your password to cause if it ends up in a csv file".

engine

8:27 am on Oct 11, 2022 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Not a bad idea, however, a comma might not be an acceptable special character allowed on a password system, and might not work.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Local / Foo 4:17 pm May 5, 2026