hehe, I'm not assuming anything... it seem you are arguing for the sake of the argument, not the actual content.   Listen, don't talk about limited charsets during brute force, this is something you brought up, just acknowledge the fact that the number of possible chars a user can choose from when setting a password without special characters is smaller than the number of possible chars a user can choose from when allowing special characters - this is simply the only point I'm highlighting in this post, together with the fact that Cisco and Meraki should know better.. ... View more

I completely agree with PhilipDath... If you have a X character long password without special characters and one without special characters the time to brute force is significantly longer... This is true for 8 characters passwords as for 1000 characters passwords.. hence no reason what so ever to not allow special characters.   I see the point if a website puts a limit to number of special characters, and furthermore tells the user the limits, but I have never seen such a site, and it hasn't got anything to do with my original post.   I don't use the same password anywhere, I generate a new one for each site, and by default a newly generated password contains special characters - at least for me.... ... View more