Also, people speak languages other than English, and things like Unicode normalization mean that identical characters can be encoded differently depending on what's being used to type the password in, and I'd be willing to bet most websites don't handle that properly. Not to mention non-latin alphabets, which can be even messier. Good luck explaining to someone that the reason their bank's website isn't matching their password is due to there being two ways to encode "olá" (and there isn't a good way to use a specific one, or know which one was used to set the password!)