Div0 Blog Editor
Creative Password Policy Experience
I once tried to use passwords which were immune to exhibitionism — i.e. even when someone happens to see them on the screen, he/she will not be able to reproduce them easily. This led me to use the full range of the Unicode charset, specifically non-Latin characters. However, what happened to a famous and global hotel web application when I did implement such a password? It crashed! Completely.
This tells more about their actual customer base than about their implementation of information security procedures. Their solution to this was to revoke my permission to ever change my password again, I mean EVER! If they ever had such a global customer base as they advertise, surely they would have faced this issue earlier, when someone used non-Latin charset passwords, but clearly they had not.
This demonstrates the positive sides of the famous homoglyph issue, which in many cases is seen as only negative and problematic. In the global post-national world, there will, and should, be more and more cases where the scripts overlap. Is the whole of Unicode then doomed? If you ask me, no, not really, since it's partial in any case. The world of communication and the world of signs is evolving, and the scope of Unicode will never cover all of it. Neither should we limit ourselves to the concept of glyphs or signs; surely there are many other ways to communicate, aren’t there? For example, if there is no dot in one language, how do they then type dotcom? Are we trying to impose some specific way of scripting globally, then?
Kristo Helasvuo, Guest Author.