On 30 Sep 2015, at 12:33, John O'Conner wrote:
I'm researching potential problems and best practices for password policies that allow non-Latin-1 Unicode characters. My searching of the unicode.org site showed me a general security considerations document (UTR #36) but nothing specific for password policies using Unicode.

Can you recommend any documents to help me understand potential issues (if any) for password policies and validation methods that allow characters from more "exotic" portions of the Unicode space?

The IETF have been doing work related to this exact issue. You might want to look at RFC7564 (generic framework) and RFC7613 (username and passwords, used in various IETF protocols).
Marc.
Best regards,
John O'Conner