“Your password must contain a special character.” We’ve all hit that message — but which symbols actually count, and do some make a password stronger than others? The answer is more interesting than you’d think, and knowing it helps you build passwords that sail through any sign-up form. We at GetMyPassword list the special characters allowed in passwords, explain which to use, and clear up the quirks that cause those frustrating “invalid character” errors.
The full list of password special characters
According to OWASP, the security industry’s reference, the special characters generally allowed in passwords are every punctuation mark on a standard US keyboard:
! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~The most widely accepted — the ones almost no site rejects — are the everyday favourites: ! ? @ # $ % & *. If you want a symbol that works everywhere, pick from those.
Do special characters really make passwords stronger?
Yes, but with a caveat. Adding symbols increases the number of possible combinations an attacker must try, which strengthens a password. The bigger win, though, comes from mixing them — a dollar sign here, an ampersand there, scattered among letters and numbers — rather than tacking a single ! on the end, which attackers expect. And no amount of symbols rescues a short password: length still matters most.
Why some symbols get rejected
- Non-ASCII characters — emoji, accented letters and other Unicode are blocked by many systems. Stick to the standard keyboard set above.
- Spaces and quotes — some sites disallow spaces,
"or'because they can interfere with how the password is processed. - Per-site rules — every service sets its own list, so a symbol accepted on one site may be refused on another. Always check the on-screen requirements.
Don’t reuse the same symbol pattern on every account. If all your passwords end in
!1, cracking one teaches an attacker the shape of the rest.
Let a generator handle the symbols
The easiest way to get a well-mixed, symbol-rich password that still meets a site’s rules is to generate it. Our password generator lets you include special characters and produces a random, compliant result in a click, and the strength checker shows how strong it is. For the bigger picture on building secure logins, see our guide to creating good passwords.
Frequently asked questions
What special characters are allowed in passwords?
Generally all standard US-keyboard punctuation: ! ” # $ % & ‘ ( ) * + , – . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~. The most universally accepted are ! ? @ # $ % & *.
Can I use emoji in a password?
Usually not. Emoji and other non-ASCII characters are rejected by most systems. Stick to standard keyboard symbols to avoid “invalid character” errors.
Is one special character enough?
It meets most rules, but it’s weak on its own. Mix several symbols among letters and numbers, and above all make the password long — length protects you more than a single symbol.