Oh, absolutely. Just explaining how one of these "unspoken rules" came about despite being completely nonsensical. For a similar reason, % is often not included in the allowed character set, even though there's no real reason for it.
Tech Lead/Team Lead. Senior WebDev.
Intermediate Grade on Computer Systems-
High Grade on Web Application Development-
MBA (+Marketing+HHRR).
Studied a bit of law, economics and design
Location
Spain
Education
Higher Level Education Certificate on Web Application Development
It's more a blind design decision, those which are made just by copying what others did than thinking in your product.
There's no technical reason for avoiding spaces other than being necessary for executing some hacks, i.e. SQL injection like setting this as value for your password:
myPassw0rd') OR 1 = 1
I'm sure there are multiple sites in where this still works 😅
Disclaimer: This example is for login forms not for registration ones, either way if you are going to hash a password it will be capable of getting spaces within and no issue will show up I guess that "old ways are never lost".
Tech Lead/Team Lead. Senior WebDev.
Intermediate Grade on Computer Systems-
High Grade on Web Application Development-
MBA (+Marketing+HHRR).
Studied a bit of law, economics and design
Location
Spain
Education
Higher Level Education Certificate on Web Application Development
well, space is a valid character, it just gets encoded to %20 and the server gets it and decodes the %20 to a space again. It has never been an issue.
Moreover you can set spaces in other fields like in the name one 😅 so I guess an arbitrary reason should be behind that.
I'm honestly curious to see if someone appears and states some weird technical reason for not admitting spaces inside a password that I don't know about.
While true, space can also be encoded as + (and in the case of mailto links, must be). And generally, historically, usernames and passwords alike have been restricted to the same character set: [A-Z0-9?!.*_-], for purely historical reasons that these are non-conflicting characters likely to be used.
Tech Lead/Team Lead. Senior WebDev.
Intermediate Grade on Computer Systems-
High Grade on Web Application Development-
MBA (+Marketing+HHRR).
Studied a bit of law, economics and design
Location
Spain
Education
Higher Level Education Certificate on Web Application Development
Yup but what's shocking is that you can set "Keanu Reevs" which contains a space in a "full name" input, and it's OK.
But then you want to try a space in the password and most sites say "Bad Bad!!" and it's like... a single space in SHA256 will look like that anyway: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068 😅
Like I said, it makes no sense, and for some reason the more afflicted field (username) got less restricted much much earlier than passwords. It just grew to this point historically, through some very incoherent steps.
Tech Lead/Team Lead. Senior WebDev.
Intermediate Grade on Computer Systems-
High Grade on Web Application Development-
MBA (+Marketing+HHRR).
Studied a bit of law, economics and design
Location
Spain
Education
Higher Level Education Certificate on Web Application Development
Oh, absolutely. Just explaining how one of these "unspoken rules" came about despite being completely nonsensical. For a similar reason, % is often not included in the allowed character set, even though there's no real reason for it.
It's more a blind design decision, those which are made just by copying what others did than thinking in your product.
There's no technical reason for avoiding spaces other than being necessary for executing some hacks, i.e. SQL injection like setting this as value for your password:
I'm sure there are multiple sites in where this still works 😅
Disclaimer: This example is for login forms not for registration ones, either way if you are going to hash a password it will be capable of getting spaces within and no issue will show up I guess that "old ways are never lost".
well, space is a valid character, it just gets encoded to %20 and the server gets it and decodes the %20 to a space again. It has never been an issue.
Moreover you can set spaces in other fields like in the name one 😅 so I guess an arbitrary reason should be behind that.
I'm honestly curious to see if someone appears and states some weird technical reason for not admitting spaces inside a password that I don't know about.
While true, space can also be encoded as
+(and in the case of mailto links, must be). And generally, historically, usernames and passwords alike have been restricted to the same character set:[A-Z0-9?!.*_-], for purely historical reasons that these are non-conflicting characters likely to be used.Yup but what's shocking is that you can set "Keanu Reevs" which contains a space in a "full name" input, and it's OK.
But then you want to try a space in the password and most sites say "Bad Bad!!" and it's like... a single space in SHA256 will look like that anyway:
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068😅Like I said, it makes no sense, and for some reason the more afflicted field (username) got less restricted much much earlier than passwords. It just grew to this point historically, through some very incoherent steps.
Also, mild funny streak: You are expecting people to use SHA-256, that's already a step up for a lot of sites using SHA-1 or MD5 still. :P
hahahaha And a young junior myself encoding passwords in whirlpool back those days 😂😂 can't even remember, was it 512 bit worth of hash maybe?
Badass past-me...