While true, space can also be encoded as + (and in the case of mailto links, must be). And generally, historically, usernames and passwords alike have been restricted to the same character set: [A-Z0-9?!.*_-], for purely historical reasons that these are non-conflicting characters likely to be used.
Tech Lead/Team Lead. Senior WebDev.
Intermediate Grade on Computer Systems-
High Grade on Web Application Development-
MBA (+Marketing+HHRR).
Studied a bit of law, economics and design
Location
Spain
Education
Higher Level Education Certificate on Web Application Development
Yup but what's shocking is that you can set "Keanu Reevs" which contains a space in a "full name" input, and it's OK.
But then you want to try a space in the password and most sites say "Bad Bad!!" and it's like... a single space in SHA256 will look like that anyway: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068 😅
Like I said, it makes no sense, and for some reason the more afflicted field (username) got less restricted much much earlier than passwords. It just grew to this point historically, through some very incoherent steps.
Tech Lead/Team Lead. Senior WebDev.
Intermediate Grade on Computer Systems-
High Grade on Web Application Development-
MBA (+Marketing+HHRR).
Studied a bit of law, economics and design
Location
Spain
Education
Higher Level Education Certificate on Web Application Development
While true, space can also be encoded as
+
(and in the case of mailto links, must be). And generally, historically, usernames and passwords alike have been restricted to the same character set:[A-Z0-9?!.*_-]
, for purely historical reasons that these are non-conflicting characters likely to be used.Yup but what's shocking is that you can set "Keanu Reevs" which contains a space in a "full name" input, and it's OK.
But then you want to try a space in the password and most sites say "Bad Bad!!" and it's like... a single space in SHA256 will look like that anyway:
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
😅Like I said, it makes no sense, and for some reason the more afflicted field (username) got less restricted much much earlier than passwords. It just grew to this point historically, through some very incoherent steps.
Also, mild funny streak: You are expecting people to use SHA-256, that's already a step up for a lot of sites using SHA-1 or MD5 still. :P
hahahaha And a young junior myself encoding passwords in whirlpool back those days 😂😂 can't even remember, was it 512 bit worth of hash maybe?
Badass past-me...