Built to follow modern government guidance: accept Unicode and printable characters, prefer length/entropy and blocklists over brittle composition rules, normalize Unicode before use, and use a cryptographically secure RNG. (See NIST SP 800-63B and related UK guidance.)
Why these choices? (short)
Modern guidance (NIST SP 800-63B and UK/GOV.UK guidance) recommends accepting Unicode and printable characters, emphasizing length and blocklisting of bad/compromised passwords instead of rigid composition rules. It also recommends normalizing Unicode to avoid login issues and using secure RNGs. Blocklists of common passwords should be used by verifiers. For implementers: do not silently reject characters; explain any restrictions to users. :contentReference[oaicite:2]{index=2}