Non-ASCII characters in Password

[cmb]

Hello Community,

there might be issues regarding non ASCII characters in the password due to different possible Unicode representations of the same "glyph". Actually this issue affects other functionality as well (e.g. the search function), but for passwords it might be a particular problem. Consider the letter ü, which can be represented as U+00FC and as U+0075,U+0308 (and probably there are more alternatives). AFAIK there are no "rules" for browsers on how to handle Unicode in this regard.

The clean solution would be applying Unicode normalization, but that is only available through PHP's intl extension, which is not supposed to be installed "everywhere".

As a workaround we may recommend to use only ASCII characters for the password (and perhaps enforce that with a check when the password is changed).

Christoph

[Holger]

As a workaround we may recommend to use only ASCII characters for the password (and perhaps enforce that with a check when the password is changed).

I agree. it seems ther is no other option at the moment.

[cmb]

I've put "Prohibit non-ASCII characters in Password" on the 1.6.2 roadmap. There's probably no need to vote on the documentation only, which I have added in the Wiki (the German translation is pending).

[cmb]

I've put "Prohibit non-ASCII characters in Password" on the 1.6.2 roadmap.

I've implemented a respective check for password changes (r1280).