Just wondering.
We usually trim a user name in various forms in our ASP.NET application; what's the best practice for password fields?
i.e. should we remove a trailing space in a password field before being saved/encrypted?
Passwords containing at least one space character are in general more secure than passwords without spaces. This is because passwords with spaces tend to be more complex and more difficult for attackers to crack or guess. In most cases, using spaces will greatly enhance the security of your passwords.
Space is a regular password character, and you shouldn't remove it. Since you probably hash the password before storing it in the database, the space will be treated as any other character.
Leave the password as the user entered it.
You should never silently change a field entered by a user, above all a password.
If you use the same trimming method when inputting in the db as you use when you select to test the password, the user's password will still work just fine.
There is of course a slight reduction of quality for that (very rare) user who chooses to use white space at the beginning or end of her password.
Spaces inside passwords should never be a problem, though.
In summary: I have not come across any good reason not to do a simple trim() for any input from web forms and the like, passwords or not. The benefits, however, far outweigh the slight cost mentioned above.
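The behaviour the answers above disagree about, as an added example that is not code from the thread: a password hashed exactly as typed keeps its trailing space as a significant character, and trimming on only one of the two paths (registration or login) makes the stored hash unreachable for that user. The `PasswordStore` class, the PBKDF2 iteration count and the sample password are assumptions chosen for illustration; it needs .NET 6 or later.

```csharp
using System;
using System.Security.Cryptography;

// Hypothetical helper for illustration; not an ASP.NET framework class.
static class PasswordStore
{
    const int Iterations = 210_000; // assumed work factor, tune for your hardware
    const int SaltBytes = 16;
    const int HashBytes = 32;

    // Hashes the password exactly as supplied: no Trim(), no case folding.
    public static (byte[] Salt, byte[] Hash) Create(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltBytes);
        return (salt, Derive(password, salt));
    }

    // Verification only succeeds if it feeds the KDF the same characters Create() saw.
    public static bool Verify(string attempt, byte[] salt, byte[] expected) =>
        CryptographicOperations.FixedTimeEquals(Derive(attempt, salt), expected);

    static byte[] Derive(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations,
                                  HashAlgorithmName.SHA256, HashBytes);
}

static class Program
{
    static void Main()
    {
        string typed = "correct horse "; // constructed sample; trailing space is intentional

        // Case 1: stored as typed. The space is part of the secret.
        var (salt, hash) = PasswordStore.Create(typed);
        Console.WriteLine($"stored raw, login raw:         {PasswordStore.Verify(typed, salt, hash)}");
        Console.WriteLine($"stored raw, login trimmed:     {PasswordStore.Verify(typed.Trim(), salt, hash)}");

        // Case 2: Trim() applied at registration. Login must trim too, or the user is rejected.
        var (salt2, hash2) = PasswordStore.Create(typed.Trim());
        Console.WriteLine($"stored trimmed, login raw:     {PasswordStore.Verify(typed, salt2, hash2)}");
        Console.WriteLine($"stored trimmed, login trimmed: {PasswordStore.Verify(typed.Trim(), salt2, hash2)}");
    }
}
```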