W3C home > Mailing lists > Public > www-international@w3.org > January to March 2000

RE: [Moderator Action] Question about password field.

From: Junya Ishihara <ishihara@genesyslab.co.jp>
Date: Wed, 29 Mar 2000 21:41:22 -0800
To: <www-international@w3.org>
Cc: <addison@globalsight.com>, <avine@eng.sun.com>, <stopping@rochester.rr.com>, <ckim@ecal.com>
Message-ID: <LPBBIJJLIBOEBHOLMJHEKEGPCAAA.ishihara@genesyslab.co.jp>
Hello,

First of all, I appreciate all of your comments regarding multi byte
password.

Christian gave me the comment that if I can use "Unicode", I don't have to
worry about this issue.

Suzanne said that if it is a web application, it would be problem because
people
could enter characters from all sorts of browsers with all sorts of encoding
support.

Addison and Andrea advised me not to allow multibyte passwords because
most passwords are setup to display *** or not echo the user's input so it
is
hard to have consistent behavior with regard to password entry.

Andrea also suggest that if we disable the IME but allow non-ASCII
characters,
it could generate some encodings which can be input by only some specific
keyboard
like Japanese 106 keyboard.

My conclusion is that I won't allow multi byte characters for password field
of
our products, because

1) The specific product that I am in work is not web application but the
product family
includes web application. To make a policy not using multi byte for password
field will
be effective to web application either.

2) The product switch off IME in password fields, so it is meaningless to
allow multi
byte.

Most system in Japan restrict multi byte password, so I had impression that
it would
be not good to allow multi byte password.
But I don't know the clear reasons for rejection before you all gave me
comments.
Now I have some clear reasons.
Thank you very much again for your all kind advices.

----------------------------------------
Junya Ishihara, E-Mail: ishihara@genesyslab.com
QA Internationalization Engineer
Genesys Telecommunications Labs, Inc.
Tel: +1-415-913-1449 Fax: +1-708-585-6630
----------------------------------------
Received on Thursday, 30 March 2000 00:39:30 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 19:16:55 GMT