Comment by nasretdinov
7 hours ago
As a non-English speaker I can really relate to this. I think the real mistake was Apple allowing to enter a non-ASCII password in the first place. E.g. on macOS the password fields have been locked to English character set, and I'm not sure why it changed on iOS.
Are you aware that billions of people live in countries where they could go on the whole life without seeing an ascii letter?
That's not really true in any country these days.
Regardless, why should a Vietnamese person be forced to restrict their password to ASCII? If you want to sell your devices in a country, the least you can do is to adopt to the local market. I get that Western cultural dominance makes this hard for some, but I think it should be the bare minimum.
4 replies →
The "real mistake" is changing things that used to work.
You can use emojis as passwords, do you think that's a good idea? They work now, there's a good chance that they won't be the same forever. See what happened to the family emojis
I think there's a distinction to be made between 'is it a good idea for someone informed enough to know how these things go in the real world?' i.e. the HN audience and 'should this be a real worry in a sane world?' to which I say no, it shouldn't be a worry that if I was allowed to enter a password today I may not be able to tomorrow.
That's just excuses for moronic decisions of trillion dollar companies.
Passwords are more secure if they are higher entropy, so it makes sense to support a larger variety of characters, Czech or emoji.
It seems paramount that the OS should not allow password input of any characters which it theater takes away. At the very minimum if this is absolutely necessary to make this breaking change, the user should be warned several times that a character in the password is no longer valid and maybe even prevent the OS from upgrading before the password is changed to a forward-compatible one.
In my password, I have the Collectivity of Saint Martin flag emoji and United States Minor Outlying Islands flag emoji next to the French flag emoji and US flag emoji. For good measure, also the flag of Chad next to the flag of Romania. I am sure it's not going to cause any issues.
Did the underlying bits (hex/oct/… or whatever representation) actually change or just the visuals?
Well, alphabets change (especially emojis), rules change, etc, so keeping a single subset of stable and known characters is unlikely to be a bad idea :)
Maybe.
But there is already a known pattern on how to handle this which I was taught (before the original iPhone even) in university CS studies:
If the manner of entering credentials has to change,
Then on first entry, offer the old method,
And, because you now (temporarily) have the plaintext credentials, you can now inspect it and test if anything need to change for the future,
And then set a flag, or require user action , or just re-encode, to use the new method as inspection determines.
> As a non-English speaker I can really relate to this.I think the real mistake was Apple allowing to enter a non-ASCII password in the first place.
As a non-English speaker (Czech, actually), it is clear to me to not use non-ASCII characters in passwords, or generally not use characters that are at different position on default English keyboard and locally used keyboards, i.e. use only ASCII alphanumeric chars except 'Y' and 'Z'.
As keyboard setting is per-user setting, keyboard may be different on login screen than on regular desktop (and once-login password prompts).
> keyboard setting is per-user setting
Do you think most users know this?
Also, most devices nowadays ARE single user. And most (all?) OSes allow you to use alternative keyboards at the user-selection screen.
Also, all orgs recommend special characters in passwords. Czech keyboards default to accented letters on the top row instead of numbers, so why wouldn't your average Czech use those?
But why should non-English speaking users be forced to use an ASCII password if the rest of the OS supports their language just fine?
If you remember what was the encodings situation before UTF-8 became the norm... Let's say it was really ugly. E.g. there were at least two popular encodings for Russian Cyrillic letters — CP1251 and KOI8-R, and it was _very_ common for applications getting it wrong. Restricting things like passwords (and ideally even file names) to ASCII this was a practical necessity rather than an inconvenience.
Unicode was introduced to solve that very problem, and it largely does.
In the olden times, even ASCII wasn’t necessarily a safe bet, as many countries used their own slight variation of ASCII. For example, Japan had the Yen sign in place of the backslash. In a fictional ASCII world, Apple could have decided to remove the Yen key from the Japanese lockscreen keyboard.
4 replies →
Well yes, but you can process all passwords as UTF-8, as most of strings are in mac/iOS anyways, to avoid these problems. Then just don’t break an established standard like the keyboard layout. Is that too much to ask for in 2026?
It was hard enough to spell Français correctly.
To avoid apple inevitably fucking up and breaking things like in this case. The risk to benefit ratio for allowing this is just very poor
> I think the real mistake was Apple allowing to enter a non-ASCII password in the first place.
No that's obviously crazy!