Ask HN: Why aren't Unicode passwords a big thing?

4 points by shapath ↗ HN
ASCII character set only has 127 input options. Unicode has over 128,000 input options. Wouldn't moving to Unicode enabled passwords make passwords, in general, exponentially secure?

In short, why do most websites restrict their passwords to the ASCII character table?

2 comments

[ 0.39 ms ] story [ 17.4 ms ] thread
I don't have any experience with this, but I suppose it's probably due to a) a lack of awareness and b) a lack of support.

For one, people probably aren't aware enough of unicode to think to use a unicode character in their password, and they probably also aren't aware of how to actually type a unicode character.

Plus, website support for unicode chars is... unpredictable. If I set my password to "foo1234", then I expect it to be "foo1234", not just "foo" and a lack of any error. Similar to how password length is sometimes just randomly truncated.

One of the problems is that some characters have multiple encodes. It's a problem if you enter one form in one computer and another form in other.

From: https://en.wikipedia.org/wiki/Unicode#Ready-made_versus_comp...

For example, é can be represented in Unicode as U+0065 (LATIN SMALL LETTER E) followed by U+0301 (COMBINING ACUTE ACCENT), but it can also be represented as the precomposed character U+00E9 (LATIN SMALL LETTER E WITH ACUTE). Thus, in many cases, users have multiple ways of encoding the same character. To deal with this, Unicode provides the mechanism of canonical equivalence.