IMO, this is a close relative of a different problem, one that's old and
well-understood: Characters that shift to different keys when you cross
I (now) live in Germany and come from Norway. Germany has Y and Z
swapped. Shortly after I started travelling to Germany, I stopped using
Y and Z in passwords. They were too much trouble. This is (at least
among the people I know) the common solution.
I may well be making a silly mistake, but my gut says that the
compatibility mappings will not have a serious enough impact on
password entropy that we must make an effort to migrate from
I agree, because I think that if a character doesn't have a reliable,
unchanging representation, then using that character in a password
today is begging for trouble. Can't be typed on the wrong keyboard/OK,
can't be transmitted through a program that happens to normalize the
right/wrong way, etc.
Ietf mailing list