Here is the text of the NIST sp800-63b Digital Identity Guidelines.

You are viewing a single thread.
View all comments View context
-26 points

What kind of barbarian puts a space in their password?

permalink
report
parent
reply
44 points

Very common for pass phrases, and not dissuaded. Pass phrases are good for people to remember without using poor storage practices (post it notes, txt file, etc) and are strong enough to keep secure against brute force attacks or just guessing based off knowledge of the user.

permalink
report
parent
reply
10 points

On one hand, that’s true. On the other hand, a person should only need exactly one passphrase, which is the one used to unlock their password manager. Every other password should be randomly-generated and would only contain space characters by chance.

permalink
report
parent
reply
19 points

That’s great in theory, but you’ll have passwords for logging into OSes too which password managers do not help with and you better have it memorized or you’re going to have a bad time.

permalink
report
parent
reply
29 points
*

Deleted

permalink
report
parent
reply
3 points
*

Deleted

permalink
report
parent
reply
2 points

That’s the “zero width space,” Alt + 200B for Windows users. Another favorite of mine is the nonbreaking space, Alt + 0160, which a staggering majority of web sites and other systems fail to account for.

permalink
report
parent
reply
16 points

gosh who would want an uncommon character that obviously most average people aren’t thinking about in their passwords, that sounds like it might even be somewhat secure.

permalink
report
parent
reply
1 point

hunter 2

unhackable

permalink
report
parent
reply
6 points

My passphrase includes several spaces. It’s another character to assist in entropy.

permalink
report
parent
reply
1 point

I’m with you, despite seeing lemmings downvote the heck out of your comment 😢

The reason, and specifically for whitespace at the beginning or end of a password, is that a lot of users copy-paste their passwords into the form, and for various reasons, whitespace can get pasted in, causing an invalid match. No bueno.

Source: I’m a web developer who has seen this enough times that we had to implement a whitespace-trim validation for both setting & entering passwords.

permalink
report
parent
reply
7 points

Trimming whitespace from the start and end of a password is fine but you absolutely should not remove whitespace from the middle of a password.

permalink
report
parent
reply

Technology

!technology@lemmy.world

Create post

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


Community stats

  • 17K

    Monthly active users

  • 6.1K

    Posts

  • 131K

    Comments