Is there a technical reason why blank spaces can’t be used in password since you always have to hit submit afterwards anyway?

1.16K viewsOtherTechnology

Just reading in that long password are better than complex ones. Wouldn’t it be better if our passwords were long memorable quotes like “Now are the times that try men’s souls” instead of something like Be$ty78?

In: Technology

31 Answers

Anonymous 0 Comments

There’s no technical reason for any character at all to be disallowed in passwords.

Whitespace and other special characters such as the newline, backspace and carriage return characters might be disallowed for practical reasons with the interface.

But beyond that, it’s usually because the application is handling the password in an insecure manner. The contents of the  password should be completely irrelevant to the operation of the application, because the application should be handling the password in a SecureString which is encrypted.

If the password contents are enumerated to act upon logic and alter the application behavior, then the password must have been saved somewhere insecurely for that evaluation to have occured.

And yet, look at how many websites restrict your password to a few special characters or even explicitly disallow some. It always concerns me when I see that because I know what’s probably happening behind the scenes.

You are viewing 1 out of 31 answers, click here to view all answers.