You can use a Coke slogan as your password, but not a Pepsi one

When Larry Osterman mentioned News Flash: Spaces are legal characters in both filenames and passwords, I was reminded of my own little experiment with passwords and spaces.

Over a decade ago, I tried using spaces in my password, and they were accepted, but I ran into a different problem: Brand name bias.

The password system accepted "Coke adds life" as my password, but it rejected "Pepsi the choice of a new generation". Why did the password system accept a Coke slogan but not a Pepsi one? Hint.

Comments (18)
  1. TJ says:

    if (password.Contains("pepsi"))


      throw new InvalidPasswordException();


  2. The 14-character limitation on passwords?

  3. The 14-character limitation on passwords?

  4. Neil (SM) says:

    I thought maybe it was the drug reference.

    "Your password has been flagged as inappropriate.  The authorities have been notified.  Please gather your belongings and report to security desk 2a.  And be sure to wipe the seat off on your way out."

  5. Microsoft Bob says:

    To be sure, there is likely to be a 14 character limit on the password, but it is just part of a greater anti-Pepsi conspiracy as it also stops people using "Lipsmackinthirstquenchinacetastinmotivatingoodbuzzincooltalkinhighwalkinfastlivinevergivincoolfizzin"

  6. Nick Tompson says:

    "Pepsi the choice of a new generation" is longer that 14 characters.

    "Coke adds life" is exactly 14.

  7. Jonathan says:

    I once had a password that had a backspace character in it.

    On a rather brain-dead Eudora epass compatible mail server in college.  I was using telnet to set my password (wasn’t using the Eudora client) and made/corrected a typo.

    Took me a while to figure out why I couldn’t log on, and even once I realized my password had two more characters than I thought it did there was no way to use it from a mail program.  Had to telnet back in and set it to something usable.

  8. Erwin says:

    "Pepsi the choice of a new generation" isn’t a multiple of seven?

  9. Coke is not always a proper noun.

    I think Pepsi is always a proper noun. So maybe your password checker was a big scrabble fan??

  10. Jeff Tyrrill says:


    Your description revealed two additional major security problems with that system (or at least the application used to set your password):

    1. You weren’t prompted to re-enter your password for verification, which is necessary whenever either setting a password, or entering a password when it won’t be verified immediately. (I’m assuming you didn’t make and correct the same typo twice.)

    2. You were able to see how long the current password was without access.

  11. Michael Mol says:

    @Jonathan one friend of mine once telnetted into an SMTP server to send an email to another friend of mine, and made and corrected several typos in the body of the email.  The recipient was using a console-based client, and was quite amused to see his typos correcting themselves on viewing.

  12. bob says:

    Oh come on, you don’t even need a hint. So obvious.

  13. Karl says:

    One of my pet peeves is that the Windows password complexity requirements has four categories of characters, three of which must be used:

    * Uppercase alphabet characters

    * Lowercase alphabet characters

    * Arabic numerals

    * Nonalphanumeric characters

    Frustratingly enough, spaces aren’t included in ANY category! They really should be in the fourth category.

  14. Andrei says:

    The Pepsi string contains 36 characters, which is 7*5+1, so the last chunk contains only one character, which I guess that wasn’t accepted by the password system.

  15. Mike Dimmick says:

    Several people have got the problem backwards: The Coke password doesn’t work. The Pepsi one does.

    The limitation in LAN Manager (and LM-compatible passwords) is 14 characters of password material. LM doesn’t permit spaces in the password. "Coke adds life" is 14 characters, and so is rejected by Windows because it might need to be compatible with older systems.

    The longer password is already incompatible with older systems, a warning message is shown when setting it, and therefore spaces are fine.

  16. Henrik says:

    Several people have got the problem backwards: The Coke password doesn’t work. The Pepsi one does.

    That is not what the OP says.

  17. Neil says:

    I remember the days when Unix would only use the first eight letters of your password. A friend of a friend used to concatenate two words together to make his password "for extra security" until we guessed (the first word of) one of his passwords was "elephant".

  18. Bezalel says:

    Am I the only one that noticed that Raymond wrote "Over a decade ago". That means over 11 years ago counting the time in the blog queue. At the time MS was running NT 4.0 or 3.51 (not all or MS’s internal servers were upgraded to 4.0). Judging by the slogans used it could have been as early as 1984.

Comments are closed.

Skip to main content