Press "Enter" to skip to content

Why spaces should not be allowed in password?

First of all, it’s password. And a word cannot contain space or spaces.

Yeah, it’s supposed to be one word. Not passwords or passphrase or pass sentence. It is not supposed to contain any spaces.

Forgive me for referencing wiki here, It clearly says,

A password is a word or string of characters used for user authentication to prove identity or access approval to gain access to a resource (example: an access code is a type of password), which is to be kept secret from those not allowed access.

Spaces are not visible.

Spaces are not something that can easily be identified. It is an invisible character. It is very hard for anyone to identify if there is one space or two.

For example, if somebody sends monster as a password, would it be  ‘ monster’ or only ‘monster’. The sender could have sent ‘ monster’ easily.

If there are spaces in front or rear, people will easily get confused. You might as well say, it’s a tab.

Any block of data, printable or otherwise, should be acceptable.

Is it two or one?

If you send password containing two adjacent spaces over the web, it will probably be counted as one space.

It is easy to confuse people in the web with this passwords. But, with little effort, they might even succeed.

Send those with your own handwriting. When they fail, tell them you missed a space in front.

People will use sentences as passwords.

If you allow spaces in the password, they might just set their password like ‘This is my computer’. Which is pretty good standard with a score of 70. But, definitely a bad one. It is very insecure for passwords to have any sort of a meaning. It is equally bad to have birth dates like March-06-1993 as your password.
Bottom line is, it is a bad password policy to have space in it. It definitely creates some sort of difficulties for the password hashing system. And it is good enough to harass the genuine users.

People copy and paste.

Most of the time, people copy and paste the passwords. Nobody wants to remember long and ugly passwords. For most of the developers, this is the case. Developers tend to double click or copy the password somewhere and omit the spaces before and after thinking that it is not the part of it. If spaces were to be allowed, they would go crazy.

Hey, I used the password you sent, why it is not working.

Everything is awesome.