I'm writing a php script and I was wondering if I should allow spaces in user passwords. I'm using sha1()
to hash the password, and it seems to do fine with passwords containing spaces. However, I've noticed that a lot of major sites don't allow passwords to contain spaces. Is there a reason for this or is it ok to allow them?
You should definitely allow spaces in passwords. Many people prefer to use passphrases, and by disallowing spaces you are making life hard for them for no benefit.
In addition to allowing passphrases instead of passwords, you should also encourage them because they are more secure (OK, I admit half the reason I wrote this was to put in the xkcd link).
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With