Unicode in passwords

Marc Blanchet marc.blanchet at viagenie.ca
Wed Sep 30 12:35:05 CDT 2015

On 30 Sep 2015, at 12:33, John O'Conner wrote:

> I'm researching potential problems and best practices for password 
> policies
> that allow non-Latin-1 Unicode characters. My searching of the 
> unicode.org
> site showed me a general security considerations document (UTR #36) 
> but
> nothing specific for password policies using Unicode.
> Can you recommend any documents to help me understand potential issues 
> (if
> any) for password policies and validation methods that allow 
> characters
> from more "exotic" portions of the Unicode space?

the IETF have been doing work related to this exact issue. You might 
want to look at RFC7564 (generic framework) and RFC7613 (username and 
passwords, used in various IETF protocols).


> Best regards,
> John O'Conner

More information about the Unicode mailing list