Is there a technical reason why blank spaces can’t be used in passwords since you always have to hit submit afterwards anyway?


Just reading that long passwords are better than complex ones. Wouldn’t it be better if our passwords were long memorable quotes like “Now are the times that try men’s souls” instead of something like Be$ty78?


31 Answers

Anonymous 0 Comments

There is no *modern* reason to not have spaces in passwords.

There are legacy reasons.

1. Length Limits

2. Acoustic eavesdropping.

When passwords had a length limit, then spaces were a statistically easy-to-guess part of the password that would take up valuable spots in that password. **There is no legitimate reason for a length limit, today**.

Acoustic eavesdropping is the only semi-valid current reason. Back in the day, the sound of the spacebar on a mechanical keyboard was quite distinctive. Even on a modern membrane keyboard, it’s not impossible to guess which keystrokes are the spacebar, even if you were just listening in on the other side of a phone. Imagine a hacker calls up and says, “I need you to log in to your security portal and double-check that your computer scan is up to date.” By recording you typing on your keyboard (and then some legit “enhance” on the other side), they can tell 1. how many characters are in your password, 2. how many characters are in between spaces, and 3. possibly when you hit the shift key (slight pause before the next keystroke) and which side of the keyboard each character is on.

If you have a noisy keyboard and they can trick you into typing known characters (such as sending them a chat message) while you are being recorded, they could build an acoustic map of your keyboard and get pretty close to your password.

That much information could make it much easier to crack your password. Especially if they know you like to use song lyrics, or that your previous password is “my boss is a grade-A TW4T”.

But that’s not really worth the effort outside of CIA-level shit and important targets. Given that proper auth systems use 2-factor authentication and probably much of that is being typed on a touchscreen and filled in by a password manager, it’s not a realistic attack, these days.
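To put a number on how much the space positions give away, here is an added example (not part of the original answer) that compares the entropy of a word-based passphrase before and after a listener learns the length of every word. It assumes words are picked uniformly at random from a known list; the 16-word list, the sample passphrase and the function names are constructed for illustration.

```python
import math
from collections import Counter

# Constructed 16-word list standing in for a real passphrase dictionary.
WORDS = ["now", "are", "the", "men",             # 4 words of length 3
         "that", "soul", "time", "best",         # 4 words of length 4
         "times", "souls", "quote", "brave",     # 4 words of length 5
         "winter", "summer",                     # 2 words of length 6
         "patriot", "soldier"]                   # 2 words of length 7

def bits_unknown(n_words, wordlist=WORDS):
    """Entropy in bits of n uniformly chosen words when nothing is overheard."""
    return n_words * math.log2(len(wordlist))

def bits_given_pattern(pattern, wordlist=WORDS):
    """Entropy left once the listener knows each word's length,
    i.e. how many keystrokes fall between spacebar presses."""
    by_len = Counter(len(w) for w in wordlist)
    total = 0.0
    for length in pattern:
        if by_len[length] == 0:
            raise ValueError(f"no word of length {length} in the list")
        total += math.log2(by_len[length])
    return total

def leaked_bits(passphrase, wordlist=WORDS):
    """Bits of entropy disclosed by the word-length pattern alone."""
    pattern = [len(w) for w in passphrase.split(" ")]
    return bits_unknown(len(pattern), wordlist) - bits_given_pattern(pattern, wordlist)

if __name__ == "__main__":
    phrase = "now are the times that men"   # constructed sample passphrase
    n = len(phrase.split(" "))
    print(f"nothing overheard : {bits_unknown(n):.1f} bits")
    print(f"pattern overheard : {bits_unknown(n) - leaked_bits(phrase):.1f} bits")
    print(f"leaked by spaces  : {leaked_bits(phrase):.1f} bits")
```

With a real dictionary of thousands of words the per-word leak is smaller in proportion, and adding words to the passphrase recovers the lost margin.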
