Jump to content

Request: Password field allows spaces


darrenc
 Share

Recommended Posts

Please consider this a formal request and/or a question about why we are not allowed to use spaces in passwords in the admin.

Doesn't adding a few spaces to a password or passphrase significantly increases its security? Even the horrible example "This is my password." is much more secure than most passwords people pick for themselves (Possible Combinations: 10,596,610,576,391,421,000,000,000,000,000,000,000), more secure than the same characters sans-spaces, and likely easier and more natural to type.

Personally, I'd rather have a length requirement than be forced to use a digit and no spaces. Everyone has their own methods I suppose, so I was wondering if someone could shed some light on this?

  • Like 5
Link to comment
Share on other sites

Good request and seconded. On websites that do allow i choose my passwords on regular words based on at the moment thoughts or observations. Just make sentences. I i were to chose one now it would maybe be:

60W lightbulb on the ceiling.

Good luck cracking that http://lifehacker.com/5796816/why-multiword-phrases-make-more-secure-passwords-than-incomprehensible-gibberish

While we're at it; i would also like users to be able to login with username or email adres.

Link to comment
Share on other sites

While we're at it; i would also like users to be able to login with username or email adres.

Logging in with email address has bee asked before (I think more than once?) and was not granted...can't find the topic now but it was mindplay. Ryan suggested to use a module instead. Mindplay ended up creating a module to do this...I'll search and post here if I find the thread..This is about ADMIN LOGIN. If you are talking frontend, please ignore me ;-)

http://processwire.com/talk/topic/1838-login-using-e-mail-rather-than-username-and-general-login-issues/

Related:

http://processwire.com/talk/topic/4552-user-names/

Edit: added link to thread + related stuff...

  • Like 3
Link to comment
Share on other sites

I have no problem with spaces in passwords. Can't say I've ever thought to put spaces in passwords, but it makes sense. I'll update to support that the next time I'm in the code for that module. As for logging in with email address, PW uses the username as the unique key for all users. Users are pages, so this is for consistency with the pages system as a whole. I think maintaining this consistency is preferable in keeping the whole thing as simple as possible. Not to mention, 'name' is a built-in property of every page, whereas 'email' is just a custom field in the template (it's technically possible for it to not exist). 

  • Like 4
Link to comment
Share on other sites

@Ipa, are you wanting to be able to define something like a password policy for a site? If so, would a module be more suitable for this? Maybe Ryan could introduce a hookable "check password policy" method (if there isn't one yet) that gets called when setting/changing a password?

Anyway, I'm not sure that the core is the right place to implement a password policy interface.

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...