Here is the text of the NIST sp800-63b Digital Identity Guidelines.

    • xthexder
      link
      fedilink
      English
      arrow-up
      4
      ·
      2 months ago

      Yeah, multiple languages or even putting an ê or something in an English password to mix things up. It makes perfect sense to allow.

      It’s a good thing they require each codepoint to be treated as one character for the length limit, since “🤔🤣” is 8 bytes on its own, but the unicode prefix is trivial to guess.