Space in a password!!

[phymonus]

Do not put spaces in passwords !

[Rubberman]

You can (in theory), but it isn't recommended. In fact, just about any ascii character (printable or not) should be allowed, except for a new-line which terminates the input for the passwd command.

[elija]

Why not?

As long as you are using a properly salted hash it is just another character and makes it harder to crack a password. NULL (\0) on the other hand would cause problems.

Legacy systems that pass passwords round in plain text are another matter. But no new systems do that anymore do they?

[simon]

in some contexts it would be fine, but this doesn't change the fact that as a general rule spaces are not a good idea, because standard input and output treats spaces as significant separators (between commands, parameters, filenames, etc.). in a gui you might be typing something into a nice little dialog box, but behind the scenes a program might then pass it on (to sudo or whatever) via the shell, in which case a space can mess things up. yes, well written scripts (let alone compiled code) usually should be able to cope with spaces, but not all code is well written, and so the fact remains that a string without spaces (e.g. with_underscores_instead) is safer than one with spaces, not just in passwords but even for file names etc.

of course, if you know how the password's going to be processed, and spaces aren't going to cause problems, then spaces are fine. as elija says, there isn't much software shunting passwords around in plain text these days, and likely to be even less in future. but it's simpler just to avoid spaces: it's a rule you can apply consistently on any system with no unexpected problems.

as for making it harder to crack a password, i can see how that could be the case for some manual attempts, but in terms of brute force it's just one more character, and even for manual or dictionary-based attacks, i'm not sure how "secret password" is any harder to crack than "secret8password" or whatever. basically if you like spaces, go for it, but i don't think phymonus is wrong to advise avoiding them as a general rule.

[kurtdriver]

Complete derailment, how did the OP get to have Zero posts?

[oz]

Complete derailment, how did the OP get to have Zero posts?

Messages posted in the Coffee Lounge do not count toward a user's total post count.

[corcaigher]

I have been using spaces for years. The only time I've had any difficulty was with some websites. In general, I have found that using spaces can make it very difficult to crack passwords.

[jonsg]

There's one very good reason not to use spaces in passwords. If you do a character frequency analysis on any chunk of text, spaces are either the most, or nearly the most, single commonest character. And worse, if you use a textual (as opposed to random) password that includes spaces, that means you've got a number of short, easily guessable words. So I'm with Phymonus on this, but probably not for the reasons s/he was expecting.

If you're going to use words as a basis for passwords, do it in a way that masks them and mixes other characters too. For instance, in an alpha-numeric-only system, you might use c4dAO2g: 'cat' and 'dog' interwoven, with '42' inside the outer characters, and the middle two capitalised. Something that makes sense to you, and is memorable to you, but is not inferrable, predictable or easily broken by a dictionary hack.

Jon