And yet Unix* has case sensitive logins, and is renowned for its security.
*recent Unixes, since older Unixes only had support for upper case characters.
But I see your point, and it looks like it's not a clearly cut question. But I'm still leaning towards case sensitivity, because passwords are case sensitive, so it's easier to train users to consider both of login and password as case-sensitive. And it's a shame that some e-mail providers caved in and started making e-mail case insensitive…
P.S.: Should we also forbid the O/0, l/I characters in logins, like base58 does, because they can be ambiguous ?
P.P.S: And Unicode has added a whole new level of issues to this. Of course ASCII-only logins are completely unacceptable these days –
(think of users that don't have a latin-like alphabet as their native one)
– but I've recently ran into the issue where a service didn't properly normalize my password, so the µ from my previous keyboard layout ended up being considered as different from the μ from my new keyboard layout !
*recent Unixes, since older Unixes only had support for upper case characters.
But I see your point, and it looks like it's not a clearly cut question. But I'm still leaning towards case sensitivity, because passwords are case sensitive, so it's easier to train users to consider both of login and password as case-sensitive. And it's a shame that some e-mail providers caved in and started making e-mail case insensitive…
P.S.: Should we also forbid the O/0, l/I characters in logins, like base58 does, because they can be ambiguous ?
P.P.S: And Unicode has added a whole new level of issues to this. Of course ASCII-only logins are completely unacceptable these days –
(think of users that don't have a latin-like alphabet as their native one)
– but I've recently ran into the issue where a service didn't properly normalize my password, so the µ from my previous keyboard layout ended up being considered as different from the μ from my new keyboard layout !