User Expectations and Unicode Normalization

This is a bit of a soft question; feel free to let me know if there is a better place for this.

I am developing code that accepts a password that requires international characters, so I need to compare the Unicode input string with the stored Unicode string. Easy.

My question is, do international character set users usually expect normalization in this case? My Google searches show some conflict of opinion, from “always do it” (http://unicode.org/faq/normalization.html) to not worrying about it. Are there any pros / cons to not normalizing? (i.e., less likely to guess the password, etc.).

+5
2 answers

I would recommend accepting Unicode input (supposedly UTF-8 or UTF-16) in the password field and normalizing it before hashing and comparison. If you do not normalize it, and people access it from different systems (different operating systems or different browsers, if it is a web application, or with different locales), you can get the same password presented with a different normalization. This would mean that your user would enter the correct password but have it rejected, and that would not be wise, so why not fix it?

+5
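The normalize-before-hashing step recommended in the answer above, as an added example that is not part of the original answer. The choice of NFC, the PBKDF2 parameters, the function names and the sample password are assumptions made for illustration; the page does not name a normalization form.

```python
import hashlib
import hmac
import os
import unicodedata

NORM_FORM = "NFC"      # assumption: the page does not say which form to use
ITERATIONS = 100_000   # illustrative PBKDF2 work factor for this demo


def prepare(password: str, normalize: bool = True) -> bytes:
    """Return the bytes that get hashed: optionally normalized, then UTF-8."""
    if normalize:
        password = unicodedata.normalize(NORM_FORM, password)
    return password.encode("utf-8")


def enroll(password: str, normalize: bool = True) -> tuple[bytes, bytes]:
    """Create the (salt, digest) record that would be stored for the user."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", prepare(password, normalize), salt, ITERATIONS
    )
    return salt, digest


def verify(password: str, record: tuple[bytes, bytes], normalize: bool = True) -> bool:
    """Re-derive the digest from the candidate and compare in constant time."""
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac(
        "sha256", prepare(password, normalize), salt, ITERATIONS
    )
    return hmac.compare_digest(candidate, digest)


# Constructed sample: one visible password, two different code point sequences,
# as different operating systems or input methods may deliver it.
COMPOSED = "caf\u00e9-Pa\u00dfwort"      # é as the single code point U+00E9
DECOMPOSED = "cafe\u0301-Pa\u00dfwort"   # e followed by combining acute U+0301

if __name__ == "__main__":
    normalized_record = enroll(COMPOSED)               # normalized at enrollment
    raw_record = enroll(COMPOSED, normalize=False)     # stored without normalizing
    print("normalized login accepted:", verify(DECOMPOSED, normalized_record))
    print("raw login accepted:       ", verify(DECOMPOSED, raw_record, normalize=False))
```

The same form has to be applied at enrollment, at every login and at password change, so records hashed before normalization was introduced need a migration path.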

I would not worry for several reasons:

  • . , , . ( , , , .)
  • , , () , ... - . , , , , , , . , , , .
-3
