Jump to content

Why no whitespace in passwords?


bmacnaughton
 Share

Recommended Posts

Are there any behind-the-scenes reasons that whitespace is not allowed in passwords, or is it a policy choice?

I've found that people can remember phrases that mean something to them well so they make longer, more secure passwords/passphrases.

  • Like 3
Link to comment
Share on other sites

Technically there is no reason why whitespaces are not allowed in passwords.

There are however a few case where whitespaces cause trouble and therefore

are simply not allowed:

1. unintentionally whitespace at the beginning or ending of a password

2. charset issues

Link to comment
Share on other sites

Technically there is no reason why whitespaces are not allowed in passwords.

There are however a few case where whitespaces cause trouble and therefore

are simply not allowed:

1. unintentionally whitespace at the beginning or ending of a password

2. charset issues

Thanks for this. Can you expand on charset issues? If the DB and the site all use UTF-8 then I don't understand why this would be a problem.

Link to comment
Share on other sites

If the DB and the site all use UTF-8 then I don't understand why this would be a problem.

As a CMS provider you never know if this is in fact the case. It's always better to restrict stuff like this as it really does not limit the ability to have save passwords, while it limits the potential for error. Inline whitespaces are just two chars that you can't use. 

Link to comment
Share on other sites

Passwords aren’t stored as plain text in the DB, so that shouldn’t be an issue. If one is worried about leading/trailing whitespace, one might as well disallow that specifically, or routinely trim passwords (and tell the user about it).

Plus, we deal with spaces in POST data all the time anyway?! Even this forum allows spaces in usernames, which kind of blew my mind the first time I logged in. I really dig it.

I’m a big proponent of long passwords and I feel, calling them “passwords” instead of “pass phrases” was a major mistake, leading to the stupid password policies we see everywhere, when in reality, the best thing you can do is just have a long-ass combination. Personal sentences are great for this. Easily typed, because that’s what we’re used to type, and easy to remember, because unlike cryptic alphanumeric combinations with an obligatory exclamation point at the end, they make sense even without thinking up mnemonics first…

  • Like 2
Link to comment
Share on other sites

If charset is a problem, passwords must rely on ASCII only. Accidental whitespace before/after could be stripped out easily, without touching whitespace within the password. I for one like the ability to use "limitless" passwords :-)

Link to comment
Share on other sites

  • 1 year later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...