Question
I recently started web development using django. While working on the user registration page, I was researching few things on the password.
Web sites generally place restrictions on the characters that can be used in password. For example spaces or angle brackets cannot be used .
Because all inputs are cleaned and hashed before they are stored to the Database, using any printable ascii characters in password shouldn't really be a problem... right? or am I missing anything.
Solution
You're not missing anything. Most of the time, the only reason to exclude spaces or any printable ASCII character is because of bad coding.
The other times, it's for disambiguation of similar-looking characters for autogenerated passwords (I-l-1, O-0, etc.).
OTHER TIPS
Your only concern with contents of passwords should be about Unicode normalization. There are subtle differences in the Unicode symbols generated by different operating systems — for example, some might encode letters like "à" as a single character (U+00E0), while others might produce "à" (two characters: the plain latin letter a, followed by the combining grave accent character U+0300). You should normalize Unicode passwords before hashing them in order to make sure that when your users type their passwords on different operating systems, such differences would not prevent them from gaining access to their accounts.
https://stackoverflow.com/questions/23206268
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian>>> a1 = u'à'
>>> a2 = u'à'
>>> a1
u'\xe0'
>>> a2
u'a\u0300'
>>> a1 == a2
False
>>> from unicodedata import normalize
>>> normalize('NFC', a1) == normalize('NFC', a2)
True
