Resolving Password Spaces

Question

Resolving Password Spaces

I am writing a php script and I was wondering if I should allow spaces in user passwords. I use sha1() to hash the password, and everything seems to be fine with passwords containing spaces. However, I noticed that many large sites do not allow passwords to contain spaces. Is there a reason for this or is it normal to allow them?

+4

php passwords

John stimac Jan 16 '12 at 1:21

source share

4 answers

There is absolutely no reason to limit the characters that users can use in their passwords. Someday.

+4

FtDRbwLXw6 Jan 16 '12 at 1:24

source share

I do not understand why. If this does not cause problems with your implementation (and it should not), all it does is expand the available character space by 1 and make it much more complex.

+1

MrGlass Jan 16 '12 at 1:24

source share

Limiting the characters allowed in a password is pointless as long as your hash mechanism can each time have a hash identifier. For example, you may not want to use multi-byte hash characters if you intend to perform password verification from a system that uses various character encodings, for example, hashing a password in PHP and trying to verify it in Java.

+1

Stevek Jan 16 '12 at 1:27

source share

Jon · Accepted Answer · 2012-01-16T01:24:04+0000

You should definitely allow password spaces . Many people prefer to use code phrases, and by abandoning spaces, you make life hard for them without any benefit.

In addition to allowing passphrases instead of passwords, you should also encourage them because they are more secure (OK, I admit half the reason I wrote this to put in the xkcd link).

Resolving Password Spaces

More articles: