Unicode in passwords
Marc Blanchet
marc.blanchet at viagenie.ca
Wed Sep 30 12:35:05 CDT 2015
On 30 Sep 2015, at 12:33, John O'Conner wrote:
> I'm researching potential problems and best practices for password
> policies
> that allow non-Latin-1 Unicode characters. My searching of the
> unicode.org
> site showed me a general security considerations document (UTR #36)
> but
> nothing specific for password policies using Unicode.
>
> Can you recommend any documents to help me understand potential issues
> (if
> any) for password policies and validation methods that allow
> characters
> from more "exotic" portions of the Unicode space?
the IETF have been doing work related to this exact issue. You might
want to look at RFC7564 (generic framework) and RFC7613 (username and
passwords, used in various IETF protocols).
Marc.
>
> Best regards,
> John O'Conner
More information about the Unicode
mailing list