Should I limit the allowed characters in a password?

G

GeraZlo2016-12-16 16:17:34

Passwords

GeraZlo, 2016-12-16 16:17:34

Is it worth limiting the range of allowed unicode characters in the password, are there any pitfalls if you allow the user to enter any characters, incl. emoji?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

V

Vladimir Dubrovin, 2016-12-16
@z3apa3a

It depends where and how you will use these passwords. For example, built-in HTTP and SMTP authorization does not have the ability to pass a character encoding, and it is generally not recommended to use non-ASCII characters in it. IMAP uses UTF-7 which can have problems with emoji transfer. SSH can also have problems passing non-ASCII characters, depending on the type of terminal. Mac does not allow you to enter Cyrillic passwords in passwords in a lot of places, for example for WiFi.
As for the web - well, imagine a user registering a password with an emoji and then trying to log in with this password via a mobile phone, where there simply will not be an opportunity to enter it.

M

Max, 2016-12-16
@MaxDukov

more character set - less realistic brute force.