Unicode in passwords
Mark Davis ☕️
mark at macchiato.com
Thu Oct 1 05:18:47 CDT 2015
As to #1, my note needs some clarification. For characters that don't
typically occur on *any* keyboards, people don't typically use those in
their passwords, so switching between different devices doesn't matter.
(One caveat would be where the password dialog permits selection from a
palette. That way it is independent of device.)
The problem comes in where someone uses (as I do), a Mac, a Windows box, a
Chromebook, and an Android tablet & phone. The Mac makes it easy to type an
em-dash—to use your example. It is slightly less easy on Android, a real
pain on Windows, and I haven't even tried on a Chomebook (maybe easy, maybe
not, just haven't tried). So for me to use an em-dash in a password would
just be opening up to annoyance.
I just had a quick look, and it appears that on the latest systems we have
data for in CLDR, em-dash is typeable (somehow) on:
- all of the android keyboards
- 85% of the osx keyboards
- 27% of chromeos keyboards
- 9% of windows keyboards
http://www.unicode.org/cldr/charts/28/keyboards/chars2keyboards.html
It's even somewhat uglier in the case where I'm typing a password on a
borrowed/public computing device (although typing a password on such a
device may not be exactly a great idea from a security standpoint!).
Mark <https://google.com/+MarkDavis>
*— Il meglio è l’inimico del bene —*
On Thu, Oct 1, 2015 at 9:33 AM, Richard Wordingham <
richard.wordingham at ntlworld.com> wrote:
> On Thu, 1 Oct 2015 07:01:12 +0200
> Mark Davis ☕️ <mark at macchiato.com> wrote:
>
> > I've heard some concerns, mostly around the UI for people typing in
> > passwords; that they get frustrated when they have to type their
> > password on different devices:
> >
> > 1. A device may not have keyboard mappings with all the keys for
> > their language.
>
> The typographers will probably give English as an example! Where's
> the en dash key?
>
> > 2. The keyboard mappings across devices vary where they put keys,
> > especially for minority script characters using some pattern of
> > shift/alt/option/etc.. So the pattern of keys that they use on one
> > may be different than on another.
>
> Even ASCII can have problems. A password containing '#' and '|' can't
> be entered when a physical US keyboard (102 keys) is interpreted using
> a mapping for a British keyboard (103 keys). (There seem to be
> different conventions as to which key is missing.)
>
> Richard.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://unicode.org/pipermail/unicode/attachments/20151001/a68ce1ca/attachment.html>
More information about the Unicode
mailing list