Unicode in passwords
richard.wordingham at ntlworld.com
Tue Oct 6 14:19:27 CDT 2015
On Tue, 6 Oct 2015 11:21:42 +0200
Mark Davis ☕️ <mark at macchiato.com> wrote:
> While I think that RFC is useful, it has been interesting just how
> many of the problems recounted on this list go far beyond it, often
> having to do with UI issues. It would be useful to have a paper
> somewhere that organizes all of the problems presented here, and
> maybe makes a stab at describing techniques for handling them.
Indeed, there are several different scenarios. The most prototypical
1) Initial access to a stand-alone computing device, the conventional
logging on. In this case, it is usually risky to use anything but
2) Internet passwords for use in privacy. Basically any non-trivial
combination of characters should be acceptable, provided it will not be
mangled in transmission. Under the rules of Unicode, this means that
the text should be normalised before becoming a mere sequence of bytes.
Note that in the second scenario, there is normally an 'administrator'
who can put things right.
More information about the Unicode