\t is your best shot. For good measure, you’ll also want to add double quotes (can be used to escape commas in CSVs), double double quotes, back slashes, and |s, just to mess with anyone trying to sanitize a CSV with your password in it.

Yes, char(9) is the SQL string for it.

However most modern password attributes are blocking this from SQL injections where a playfully named user “Drop Table” does not cause any harm

Of course. In Windows you can hold Alt and type 0 0 9 before releasing the Alt key.

Similar with other control characters, although NULL might be harder to type yet more likely to break things.

SHY is good if you’d like a character which can’t be seen without using unicode’s hidden characters.