Re: [Moderator Action] Question about password fied. from Addison Phillips [GSC] on 2000-03-29 (www-international@w3.org from January to March 2000)

From: Addison Phillips [GSC] <addison@globalsight.com>
Date: Wed, 29 Mar 2000 12:07:40 -0800
To: <www-international@w3.org>, "Junya Ishihara (by way of \"Martin J. Duerst\" <duerst@w3.org>)" <jishiha@anet.ne.jp>
Message-ID: <003301bf99ba$70122f70$5b00130a@globalsight.com>

The problem with allowing multibyte passwords is quite simple: you type one
thing using your IME, and then transform it (choose the proper character
from a list). Since most passwords are setup to display *** or not echo the
user's input, it is hard to have consistent behavior with regard to password
entry. Therefore most systems limit password entry to the keys on the
keyboard and switch the IME off (if they have that level of control). This
results in "single-byte" passwords.

While one can imagine the use of characters greater than 0x80 in various
encodings, in practice, most systems limit passwords to 7-bit ASCII to
ensure portability. For example, I can type a password like "éàœ" on a
French keyboard directly, but how do I type it on a Japanese keyboard?
Similarly, I can type a kana password on a Japanese keyboard, but how do I
type it on a Chinese keyboard? Note that if we disable the IME but allow
non-ASCII characters, some encodings (notably UTF-8) will result in
multibyte passwords being generated.

thanks,

Addison

Addison P. Phillips
Senior Globalization Consultant
Global Sight Corporation
mailto:addison@globalsight.com
================================
101 Metro Drive, Suite 750
San Jose, California 95110
(+1) 408.350.3600 - Telephone
(+1) 408.350.3601 - Fax
http://www.globalsight.com
================================

Red Herring names Global Sight among the 1999 "Ten to Watch" in its annual
roundup of the top 100 companies of the electronic economy.  Read more at:
http://www.redherring.com/mag/issue67/news-feature-du99-global.html

Going global with your web site?  Global Sight provides Web-based software
solutions  that simplify the process, cut costs, and save time.
----- Original Message -----
From: Junya Ishihara (by way of "Martin J. Duerst" <duerst@w3.org>)
<jishiha@anet.ne.jp>
To: <www-international@w3.org>
Sent: Tuesday, March 28, 2000 11:22 PM
Subject: [Moderator Action] Question about password fied.


> Hello,
>
> I am I18N engineer testing a product readiness for multi byte
> language.
> My question is that "Should password field allow the multi byte
> to be input or restrict?".
>
> We Japanese usually use only single byte character(alphabet or number)
> as password.
> Our product currently allow multi byte to be input in some password
> field.
> Will it be a cause of some problems?
>
> Regarding use of only single byte character as password, how about in
other
> Asian countries?
>
> Junya Ishihara
>

Received on Wednesday, 29 March 2000 14:59:37 UTC