What are standards for characters allowed in text fields
What are the typical characters allowed in text fields in a new user sign-up? Are there www standards? Especially interested in Username and Password character types allowed.
I prefer to be able to use alphabetic, numeric, and special characters to create my passwords. I really hate it when sites deny me the use of special characters, particularly !@$*.
Don't restrict password characters. The more characters available, the more secure passwords can be. There's no good reason to forbid spaces, for example, in a password.
For usernames, it depends on where they will be displayed. If you plan to give users there own profile URL, you would want to limit characters much more than if not.
Just don't forget to escape user inputs when you output them again.
What reason would you have to ever deny any characters? You should just allow everything, with the possible exception of the null character. You will have to encode usernames when you print them on your site to avoid cross-site scripting problems, but you probably should do that anyways even if you're filtering the "dangerous" characters just to be safe. Allowing all characters, especially for passwords, greatly increases usability (and security, in the case of passwords). Also, keep in mind that some users may want to input UTF8 characters if they have accents in their names (or if they're using a non-latin alphabet like Chinese or Russian).