
Should I trim spaces in a password field

Just wondering.

We usually trim a user name in various forms in our ASP.Net application; what's the best practice for password fields?

I.e., should we remove a trailing space in a password field before it is saved/encrypted?

Liam asked Aug 30 '11 09:08


People also ask

Should you allow spaces in passwords?

Passwords containing at least one space character are in general more secure than passwords without spaces. This is because passwords with spaces tend to be more complex, more difficult for attackers to crack, or guess. In most cases, using spaces will greatly enhance security of your passwords.

Are spaces allowed in Windows password?

Space is a regular password character, and you shouldn't remove it. Since you probably hash the password before storing it in the database, the space will be treated as any other character.


2 Answers

Leave the password as the user entered it.

You should never silently change a field entered by a user, above all a password.

onof answered Oct 03 '22 00:10


If you use the same trimming method when inputting in the db as you use when you select to test the password, the user's password will still work just fine.

There is of course a slight reduction of quality for that (very rare) user who chooses to use white space at the beginning or end of her password.

Spaces inside passwords should never be a problem, though.

In summary: I have not come across any good reason not to do a simple trim() for any input from web forms and the like, passwords or not. The benefits, however, far outweigh the slight cost mentioned above.

Gorm answered Oct 02 '22 22:10