Unicode in passwords

Mark Davis ☕️ mark at macchiato.com
Thu Oct 1 05:18:47 CDT 2015

As to #1, my note needs some clarification. For characters that don't
typically occur on *any* keyboards, people don't typically use those in
their passwords, so switching between different devices doesn't matter.

(One caveat would be where the password dialog permits selection from a
palette. That way it is independent of device.)

The problem comes in where someone uses (as I do), a Mac, a Windows box, a
Chromebook, and an Android tablet & phone. The Mac makes it easy to type an
em-dash—to use your example. It is slightly less easy on Android, a real
pain on Windows, and I haven't even tried on a Chomebook (maybe easy, maybe
not, just haven't tried). So for me to use an em-dash in a password would
just be opening up to annoyance.

I just had a quick look, and it appears that on the latest systems we have
data for in CLDR, em-dash is typeable (somehow) on:

   - all of the android keyboards
   - 85% of the osx keyboards
   - 27% of chromeos keyboards
   - 9% of windows keyboards


It's even somewhat uglier in the case where I'm typing a password on a
borrowed/public computing device (although typing a password on such a
device may not be exactly a great idea from a security standpoint!).

Mark <https://google.com/+MarkDavis>

*— Il meglio è l’inimico del bene —*

On Thu, Oct 1, 2015 at 9:33 AM, Richard Wordingham <
richard.wordingham at ntlworld.com> wrote:

> On Thu, 1 Oct 2015 07:01:12 +0200
> Mark Davis ☕️ <mark at macchiato.com> wrote:
> > I've heard some concerns, mostly around the UI for people typing in
> > passwords; that they get frustrated when they have to type their
> > password on different devices:
> >
> >    1. A device may not have keyboard mappings with all the keys for
> > their language.
> The typographers will probably give English as an example!  Where's
> the en dash key?
> >    2. The keyboard mappings across devices vary where they put keys,
> >    especially for minority script characters using some pattern of
> >    shift/alt/option/etc.. So the pattern of keys that they use on one
> > may be different than on another.
> Even ASCII can have problems.  A password containing '#' and '|' can't
> be entered when a physical US keyboard (102 keys) is interpreted using
> a mapping for a British keyboard (103 keys).  (There seem to be
> different conventions as to which key is missing.)
> Richard.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://unicode.org/pipermail/unicode/attachments/20151001/a68ce1ca/attachment.html>

More information about the Unicode mailing list