Is there a technical reason why blank spaces can’t be used in passwords since you always have to hit submit afterwards anyway?


Just reading that long passwords are better than complex ones. Wouldn’t it be better if our passwords were long memorable quotes like “Now are the times that try men’s souls” instead of something like Be$ty78?


31 Answers

Anonymous 0 Comments

Big deal with ‘blank’. It’s only one character.

Why can’t we use the entire UTF-8 set?

Anonymous 0 Comments

There is no *modern* reason to not have spaces in passwords.

There are legacy reasons.

1. Length Limits

2. Acoustic eavesdropping.

When passwords had a length limit, then spaces were a statistically easy-to-guess part of the password that would take up valuable spots in that password. **There is no legitimate reason for a length limit, today**.

Acoustic eavesdropping is the only semi-valid current reason. Back in the day, the sound of the spacebar on a mechanical keyboard was quite distinctive. Even on a modern membrane keyboard, it’s not impossible to guess which keystrokes are the spacebar, even if you were just listening in on the other side of a phone. Imagine a hacker calls up and says, “I need you to log in to your security portal and double-check that your computer scan is up to date.” By recording you typing on your keyboard (and then some legit “enhance” on the other side), they can tell 1. how many characters are in your password, 2. how many characters are in between spaces, and 3. possibly when you hit the shift key (slight pause before the next keystroke) and which side of the keyboard each character is on.

If you have a noisy keyboard and they can trick you into typing known characters (such as sending them a chat message) while you are being recorded, they could build an acoustic map of your keyboard and get pretty close to your password.

That much information could make it much easier to crack your password. Especially if they know you like to use song lyrics, or that your previous password is “my boss is a grade-A TW4T”.

But that’s not really worth the effort outside of CIA-level shit and important targets. Given that proper auth systems use 2-factor authentication and probably much of that is being typed on a touchscreen and filled in by a password manager, it’s not a realistic attack, these days.

Anonymous 0 Comments

Literally any character could be part of a password. There is no technical reason one can’t, just implementation limitations.

That said, there’s some obvious ones you wouldn’t want to use, like backspace, delete, carriage return, line feed, tab, etc. Pretty much any control character likely to be consumed by the interface rather than entered as part of the password, yeah?

And characters not on a keyboard are also probably a poor choice because you’re dependent on interface for being able to enter those characters.

Characters that should probably work but might not be allowed:

* ‘ and ” because it’s used in programming to indicate string literals, etc.
* \ because it’s often used to mean “the next character is literal”
* ` because it’s used to shell out in a lot of languages
* % because it’s a wildcard in SQL
* $ because it often indicates a variable name or a field delimiter
* leading or trailing spaces

All those are fixable by sanitizing inputs, but some may just disallow them as well.
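An added example, not part of the answer above or any real site's code: when the password is only ever normalized, hashed with a salt, and passed to the database through placeholders, the quote, backslash, backtick, %, $ and space characters listed above never reach a parser that could misread them. The table layout, function names and iteration count are assumptions made for the demo.

```python
import hashlib
import hmac
import os
import sqlite3
import unicodedata

ITERATIONS = 100_000  # assumption: kept low so the demo runs quickly; tune upward in production

def normalize(password):
    """NFKC-normalize so the same visible text hashes identically on any device."""
    return unicodedata.normalize("NFKC", password).encode("utf-8")

def hash_password(password, salt=None):
    """Return (salt, digest). The digest is 32 bytes whatever the password length."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", normalize(password), salt, ITERATIONS)
    return salt, digest

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, digest BLOB)")
    return db

def register(db, name, password):
    salt, digest = hash_password(password)
    # Placeholders keep every value out of the SQL text itself.
    db.execute("INSERT INTO users VALUES (?, ?, ?)", (name, salt, digest))

def verify(db, name, password):
    row = db.execute("SELECT salt, digest FROM users WHERE name = ?", (name,)).fetchone()
    if row is None:
        return False
    _, digest = hash_password(password, row[0])
    return hmac.compare_digest(digest, row[1])  # constant-time comparison

# Constructed sample passwords using the characters from the list above.
SAMPLES = {
    "quotes": "it's \"quoted\"",
    "escape": "back\\slash and `tick`",
    "sql": "100% $HOME; --",
    "spaces": "  leading and trailing  ",
    "phrase": "Now are the times that try men's souls",
}

def demo():
    db = open_db()
    for name, pw in SAMPLES.items():
        register(db, name, pw)
    return {name: verify(db, name, pw) for name, pw in SAMPLES.items()}

if __name__ == "__main__":
    print(demo())
```

Leading and trailing spaces are significant here: the stored hash for `"  pad  "` does not match `"pad"`, so a login form must not trim the field on one path and not the other.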

Anonymous 0 Comments

No current good reason.

Historically the first computer passwords were written down. Passwords with spaces were harder to read this way. Really any complex password that wasn’t letters and numbers was harder to read. Password rules were created based on that max readability. 0-9/a-z only.

Over time that’s remained and slowly faded away. 25 years ago you couldn’t put special characters in most password entries. Now many require it. Modern password recommendations include spaces and in a decade that will feel normal, if not outdated by passwordless MFA.

Anonymous 0 Comments

Company I work for just changed their password schema to 14 character pass phrases instead of passwords. The recommendation is several short words, separated by spaces. The idea – long passwords are hard to remember so people end up violating security protocols by writing them down. Small words with spaces (to include numbers and unique non-letter characters) are significantly harder to crack than a long, single-word password.

Anonymous 0 Comments

Yes, 100%! This is actually exactly what people recommend. (Technically you should really just use a password manager and generate really long passwords for everything. But the password for the *password manager* should be a passphrase.)

I highly recommend looking into diceware password generation. Basically, get a long list of words, and get some (real-life) dice. Rolling the dice picks one of the words from the list. Rinse and repeat as many times as you like.

Then, I would recommend substituting some of the characters, just to ensure that cracking it won’t be as simple as a dictionary attack.
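The diceware procedure described above, as an added example that is not part of the original answer: each group of dice is read as base-6 digits to pick one list entry, and the entropy figures compare a random 7-character password with a 6-word passphrase. The 36-word list is constructed for the demo (two dice per word); a standard diceware list has 6^5 = 7776 entries, and `secrets` stands in for physical dice.

```python
import math
import secrets

# Constructed 36-word demo list; a real diceware list has 7776 entries.
WORDS = ("acid bake calm dune echo fern glow hush iris jazz kelp lamp "
         "mint nest opal pine quiz reef silk tide undo vast wave yarn "
         "zinc amber birch cedar delta ember flint grove haven ivory "
         "jolly knoll").split()

def rolls_to_index(rolls):
    """Read dice faces (1-6) as base-6 digits, giving a 0-based list index."""
    if not rolls or any(r not in range(1, 7) for r in rolls):
        raise ValueError("each roll must be an integer from 1 to 6")
    index = 0
    for r in rolls:
        index = index * 6 + (r - 1)
    return index

def dice_needed(list_len):
    """Number of dice per word; the list length must be an exact power of 6."""
    n, size = 0, 1
    while size < list_len:
        n, size = n + 1, size * 6
    if size != list_len or n == 0:
        raise ValueError("word list length must be a power of 6")
    return n

def software_dice(n):
    """Stand-in for physical dice, backed by the OS random source."""
    return [secrets.randbelow(6) + 1 for _ in range(n)]

def passphrase(wordlist, n_words, dice=software_dice):
    per_word = dice_needed(len(wordlist))
    return " ".join(wordlist[rolls_to_index(dice(per_word))]
                    for _ in range(n_words))

def entropy_bits(choices, length):
    """Bits of entropy when each of `length` symbols is picked uniformly at random."""
    return length * math.log2(choices)

if __name__ == "__main__":
    print(passphrase(WORDS, 6))
    print("7 random printable ASCII chars:", round(entropy_bits(95, 7), 1), "bits")
    print("6 words from a 7776-word list:", round(entropy_bits(7776, 6), 1), "bits")
```

The entropy figure only holds when every symbol or word is chosen at random; a password a person made up, or a well-known quote, has far less than the formula suggests.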

Anonymous 0 Comments

>long password are better than complex ones.

KeePass password generator with all boxes checked would like a word.
Example: **ª¶l§ÅCfj@håy*ËröBíÁïV1 å**

Good luck brute forcing that. Sadly, a lot of password schemes used by websites (including banks) are woefully pathetic, so passwords like that won’t be accepted.

Anonymous 0 Comments

It originates from when computers only had command lines. You might run a command and provide a user name and password as arguments separated by a space. It’s extra work to indicate to the computer if the space is meant to be part of the password or a new argument for the program.

If you want the best of both worlds, think of a song you like and make your password the first letter of the lyrics. So the national anthem would become oscysbtdelwspwhattlg.

Anonymous 0 Comments

Depends on the authentication system

Most do allow spaces.

Some only allow certain system because the database or code will interpret the symbol as the start of a command

Anonymous 0 Comments

When a website tells you restrictions that reduce the complexity of the password in any way, it’s usually because their security is bottom level garbage.

The worst is if you see something like “password can’t be longer than x.” Then you know 100%, they are storing your password in plaintext, and the db field simply doesn’t have more space reserved.

Need to use password managers, it’s not feasible to remember more than a handful of different passwords and you need to have a unique, secure password in every place you use one.