Ask HN: Why aren't Unicode passwords a big thing?
ASCII character set only has 127 input options. Unicode has over 128,000 input options. Wouldn't moving to Unicode enabled passwords make passwords, in general, exponentially secure?
In short, why do most websites restrict their passwords to the ASCII character table?
2 comments
[ 0.39 ms ] story [ 17.4 ms ] threadFor one, people probably aren't aware enough of unicode to think to use a unicode character in their password, and they probably also aren't aware of how to actually type a unicode character.
Plus, website support for unicode chars is... unpredictable. If I set my password to "foo1234", then I expect it to be "foo1234", not just "foo" and a lack of any error. Similar to how password length is sometimes just randomly truncated.
From: https://en.wikipedia.org/wiki/Unicode#Ready-made_versus_comp...
For example, é can be represented in Unicode as U+0065 (LATIN SMALL LETTER E) followed by U+0301 (COMBINING ACUTE ACCENT), but it can also be represented as the precomposed character U+00E9 (LATIN SMALL LETTER E WITH ACUTE). Thus, in many cases, users have multiple ways of encoding the same character. To deal with this, Unicode provides the mechanism of canonical equivalence.