How do I properly implement Unicode passwords?
- by Sorin Sbarnea
Adding support for Unicode passwords it an important feature that should not be ignored by the developpers.
Still adding support for Unicode in the passwords it's a tricky job because the same text can be encoded in different ways in Unicode and this is not something you may want to prevent people from logging in due to this.
Let's say that you'll store the passwords os UTF-8.
Now the question is how you should normalize the Unicode data?
You had to be sure that you'll be able to compare it. You need to be sure that when the next Unicode standard will be released it will not invalidate your password verification.
Note: still there are some places where Unicode passwords are probably never be used, but this question is not about why or when to use Unicode passwords, is about how to implement them the proper way.