Password validation too narrow
When creating a user or client, the password to be set is limited to “Password must be alphanumeric (a-z,A-Z,0-9 allowed)” – which is an arbitrary and unnecessary limitation.
Please do not restrict the available characters in a password. For example, one can't use passphrases (with spaces or interpunction). Another unnecessary limitation is that one cannot use a password in any other language than English – think of German Umlauts (ä, ö, ü), French accents (à, é), and so on.
All in all this limitation may lead a user to choose a less secure password that fits the validation pattern. But from a technical point of view there is no need to implement those limitations in the first place. (Database and connection are in Unicode already.)
The only limitation a password should have is a minimum length (e.g. 12 characters).
————————————————————
What I expected:
I can use a secure passphrase that is easy to remember but hard to brute force crack in my own mother tongue.
What actually happened:
An input-field validation for new passwords prevented me from using a passphrase with other characters than the English alphabet and also prevented me from using spaces and interpunction in a password.
What should happen:
An input-field to enter a new password must not have other limitations besides a minimum length (e.g. 12 characters).
————————————————————
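The requested behaviour as an added example, not code from the application this report is about: a length-only check that accepts Unicode passphrases, next to the alphanumeric rule quoted above. The regex for the old rule, the function names, the sample passwords and the choice of NFKC normalization before counting and hashing (so the same passphrase typed as precomposed or decomposed characters verifies identically) are assumptions of this example.

```python
import re
import unicodedata

MIN_LENGTH = 12  # the minimum the report suggests ("e.g. 12 characters")

# Rule quoted in the report: "Password must be alphanumeric (a-z,A-Z,0-9 allowed)".
# The application's actual pattern is not shown; this regex is an assumption.
LEGACY_PATTERN = re.compile(r"[a-zA-Z0-9]+")


def legacy_accepts(password: str) -> bool:
    """Old behaviour: only ASCII letters and digits pass."""
    return LEGACY_PATTERN.fullmatch(password) is not None


def normalize_password(password: str) -> str:
    """Fold equivalent Unicode forms (e.g. 'u' + U+0308 and 'ü') into one."""
    return unicodedata.normalize("NFKC", password)


def length_only_accepts(password: str) -> bool:
    """Requested behaviour: any characters, minimum length only.

    Length is counted in code points after normalization, so 'ü' is one
    character regardless of how the keyboard or OS encoded it.
    """
    return len(normalize_password(password)) >= MIN_LENGTH


def bytes_to_hash(password: str) -> bytes:
    """Bytes to pass to the password-hashing function (normalized UTF-8)."""
    return normalize_password(password).encode("utf-8")


# Constructed sample passwords, for illustration only.
SAMPLES = [
    "Abc123",                       # fits the old rule, but short
    "Grüße aus Köln, 2 Bier!",      # German passphrase with spaces and punctuation
    "l'été à la plage, enfin",      # French passphrase with accents
]

if __name__ == "__main__":
    for pw in SAMPLES:
        print(f"{pw!r}: legacy={legacy_accepts(pw)} length_only={length_only_accepts(pw)}")
```
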