Sounds like a lot of headache and stupidity just so they could be “proud of […] allow[ing] you to have ☃, the unicode snowman, as a username”. I don’t know any security-minded programmer that would think it would be a good idea to not limit usernames to something like [a-zA-Z0-9].
Even if there weren’t issues with password resets like they ran into, being able to create a similar-looking username to someone else poses problems with phishing, impersonating accounts/staff, and login problems with users not remembering their “clever” usernames.
However, in a global market, limiting the alphabet to ASCII is not an attractive option.
I think he was trying to be funny when mentioning the snowman. The real purpose was to support international characters.
But why do we need international characters in a user name? You can put all the fancy letters you like in your display name (or whatever you call it). Or do the cool new thing of making user name the same as email address.
This seems like both solving the wrong problem and not solving a real problem. At some point, two people named John Smith are going to sign up. So the first guy gets JohnSmith and the second guy gets John☃? The second John Smith is going to be no less unhappy he can’t have his “real” name than all the international users disenfranchised by an ASCII-only policy. The solution that allows two people named John Smith to happily use the service and differentiate themselves seems likely to adapt well to more complex names too.
I was expecting something along the lines of regular expressions that validate whether or not a provided email address looks like a valid email address but was pleasantly surprised that it was actually about newly registered account verification via email and forgotten password procedures.
Thought I’d leave a comment saying so to inform others who may have been mistaken like I was.