Is there a reason why certain sites don't allow periods in passwords?

Question

I was just wondering why certain website don't allow anything other than letter and numbers in the password field.

Is there a security reason or perhaps it's just a limitation of the DB they are using? Thanks for the info.

Edit: It appears that Oracle's database doesn't acknowledge uppercase and lowercase? Is this true? I was told that via PM. Thanks for the information guys, this is really useful stuff.

I wonder why this question has 3 votes to close though. Not enough jQuery and freehand circles?

Answer 1

They're brain-dead and scared of punctuation in general - and dot counts as punctuation. It is more a case of 'friendly-fire' than dot being dangerous. Dash is pretty harmless too.

One of the concerns is SQL Injection, of course. The other is competency of programming workforce.

Answer 2

I worked at one place that wanted to be able to read passwords over the phone (that's how support was done). Support people didn't know all the names for symbols (hash, bang, pipe, ampersand/and, asterisk/star) and other issues (which left bracket do you mean, which quote, etc). So they didn't allow any punctuation.

Not a good reason (support shouldn't know my password), but you didn't ask for only good reasons :)