Unicode in passwords

Yoriyuki Yamagata yoriyuki.yamagata at aist.go.jp
Mon Oct 5 22:57:51 CDT 2015

Dear John,

FYI, IETF is working on this issue.  See Internet Draft https://tools.ietf.org/html/draft-ietf-precis-saslprepbis-17 based on PRECIS framework RFC 7564 https://tools.ietf.org/html/rfc7564


> 2015/10/01 1:33、John O'Conner <jsoconner at gmail.com> のメール:
> I'm researching potential problems and best practices for password policies that allow non-Latin-1 Unicode characters. My searching of the unicode.org site showed me a general security considerations document (UTR #36) but nothing specific for password policies using Unicode.
> Can you recommend any documents to help me understand potential issues (if any) for password policies and validation methods that allow characters from more "exotic" portions of the Unicode space? 
> Best regards,
> John O'Conner

Yoriyuki Yamagata
National Institute of Advanced Science and Technology (AIST), Senior Researcher

More information about the Unicode mailing list