@matigo 
:P
@matigo I think this is one reason why passwords are ASCII-only (that would be generous!) or some limited subset -- unicode is so hard to get right, and even if you do get it right there will be some software that will try to break it :/
// @height8
@matigo I run in to this problem all the time when those pesky Japanese sites do address validation ("全角英数字" etc) and I enter my address:
blah blah 1−2−17
It throws a validation error because Kotoeri automatically chooses a "−" character that the validation script (which is, by the looks of the site, usually) probably is calibrated to Windows input. Maybe this is an edge case, but I fear that slight encoding differences like that would panic a user when trying to log in to their account on a different OS (or even a different version of the OS, since IMEs change quite a bit too)
// @height8
@matigo :-/ Allowing multibyte for passwords seems like opening a potential can of worms, unless you're doing some crazy normalization. - vs ー vs ー vs - etc, for example…
// @height8
@matigo Patreon has in fact had a major data breach in the last year: http://arstechnica.com/security/2015/10/gigabytes-of-user-data-from-hack-of-patreon-donations-site-dumped-online/
// @height8