Validate Japanese passwords

Note that this is no longer the suggested way to create strong passwords. It tends to be counter productive, and in fact your particular example has good odds of being cracked quickly if someone were to attempt to bruteforce it. Here is a breakdown:

XKCD #936: Short complex password, or long dictionary passphrase?

Password length is more important than password complexity, and the language doesn't particularly matter. Regardless of language the total amount of "randomness" is what protects a password from bruteforce. Whether you are using English letters or Asian characters, the more the better.


This is on stackoverflow. Simple rules when applying internatinalization to an app.

  1. Do not limit or require a-z and 0-9.
  2. Passwords should be in the coding scheme of UTF-8 not ASCII.
    • Side Note: UTF-8 is backwards compatible with ASCII because the first 128-bits represent the ASCII character set.
  3. Make sure you set the meta tag of the website or whatever app to UTF-8.
  4. Always hash passwords using current NIST approved hashing algorithms. sodium cryptography library includes argon2, argon2i, argon2d
  5. Apply an appropriate length. We cannot assume a password of a specific length in the U.S. will be the same in say Vietnamese. Therefore saying a length of 10 characters in the U.S. might actually be 6 characters in the Vietnamese language because of some extra bits that are needed produce the diacritical marks.
  6. Etc etc best practices when storing password hashes into your databases

This post might help, it’s for Chinese characters but Japanese have kanji which uses the same characters for some of their ideas/words. https://stackoverflow.com/a/1037486/10223458