Min Password Length vs Block Common Passwords

My bet there is that the client-side validation is counting octets, whereas the server, being Unicode-aware, is counting characters, and coming up with a different result.

1 Like

Characters in that codeblock (and indeed all of U+1xxxx) are four octets long in UTF-8. I don’t know what it’s counting, but Unicode 7/Unicode 8 issues (like amphora) could be in play.

Taking the string " :slight_smile: " as an example, JavaScript says

"😀".length = 2

and Ruby says

"😀".length = 1

Which is the correct implementation here? @codinghorror's blog post says:

because it’s nice and simple for users. So :slight_smile: is one character. That sounds reasonable to me.

However… the blog also says

This is indeed true of the Discourse password fields - one emoji = 2 characters. So if it’s showing as 2 characters in the password field, surely that should count as 2 characters in a password :confounded:


On a related note, it is currently very difficult to type emojis directly into HTML password inputs - you can only copy/paste them in. This is the case on Chrome on Mac (using system emoji window), and also Safari on iOS (the emoji button doesn’t even show up with the password field focused). So, as much as I try, I can’t use :white_check_mark: :horse: :battery: :paperclip: as my password on Discourse (without cheating with copy/paste).

2 Likes

😀 is four octets in UTF-8: Base64 visualizer

I have no idea why JavaScript gets that count. (UTF-16?) But 😀 does show as ⏺⏺ in the password field of Discourse (for me).

3 Likes

It would appear so (from here)

3 Likes

A sentence with spaces - could be the best personal password choice

I’m not sure a space would work. It’s a control character and there might be some filters somewhere that wouldn’t like it.

A space is absolutely fine, it’s just another character as far as a password is concerned. Try it here on meta - it works.

4 Likes

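After confirming that my password manager is :amphora: safe, I retested. The same thing happens: emoji-only passwords that only just get the green "okay" don’t actually work. In addition, as I tried progressively longer passwords, I seemed to get logged out on about every third attempt. Even when I successfully set a :ten: emoji password, a "you have been logged out" message flashed up briefly, but I wasn’t actually logged out.
I don’t know whether this logout behavior is an emoji-specific bug or a misguided (or at least unhelpful) feature. If it is a feature, please make the "you have been logged out" box explain why.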

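Yes, this is because JavaScript, for historical reasons, cannot correctly count the length of strings containing emoji (and other surrogate-pair characters). The server side counts the length correctly.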

2 Likes
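The mismatch discussed in this thread can be reproduced with the following JavaScript, which is an added example and not code from any poster or from Discourse. It compares a client check based on `String.prototype.length` (UTF-16 code units) with one that counts code points, as the server is described as doing; `MIN_LENGTH = 10` and all function names are assumptions made for the illustration.

```javascript
// Added example: MIN_LENGTH and all function names are hypothetical, not Discourse code.
const MIN_LENGTH = 10; // assumed minimum password length

// The three counts that come up in the thread, for one string.
function measure(str) {
  return {
    utf16Units: str.length,                           // what String.prototype.length reports
    codePoints: Array.from(str).length,               // the string iterator walks code points
    utf8Octets: new TextEncoder().encode(str).length, // size once encoded as UTF-8
  };
}

// Client-side check that counts UTF-16 code units: an emoji outside the BMP counts twice.
function naiveClientCheck(password) {
  return password.length >= MIN_LENGTH;
}

// Check that counts code points, matching a server where "😀".length is 1.
function codePointCheck(password) {
  return Array.from(password).length >= MIN_LENGTH;
}

// Returns the candidates on which the two checks disagree, i.e. the inputs
// where the form would show "okay" and the server would still refuse them.
function findMismatches(candidates) {
  return candidates.filter((p) => naiveClientCheck(p) !== codePointCheck(p));
}

// Constructed sample passwords for the demonstration.
const samples = [
  "😀".repeat(5),   // 10 code units, 5 code points
  "😀".repeat(10),  // 20 code units, 10 code points
  "pass😀😀😀",      // 10 code units, 7 code points
  "correct horse",  // 13 code units, 13 code points
  "short",          // 5 code units, 5 code points
];

for (const p of samples) {
  console.log(JSON.stringify(p), measure(p),
    "client:", naiveClientCheck(p), "server-style:", codePointCheck(p));
}
console.log("disagreements:", findMismatches(samples));
```

Using the code-point count on both sides keeps the green "okay" in the form consistent with what the server accepts.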