Comment by inopinatus

6 years ago

Square Enix's account management on the PS4 allowed me to set a password with a space on the end, but their website strips spaces from the password field when you sign in.

Fun fact: it's actually really easy to submit a string with a space on the end when entered via a PS4 controller.

Trimming spaces is the one evil that is kind of necessary. Way too many text selection tools select trailing spaces. Firefox and Chrome both do when selecting words. Got a mail with a reset password and want to copy it over? Yeah, good chance the space is copied as well. On a few occasions it even ended up in my password manager. Please, just apply password rules everywhere consistently.

  • > Please, just apply password rules everywhere consistently.

    This would honestly fix all of it, without even needing to communicate information about how passwords are handled. Although, I think those rules should be communicated as well, so users can make good choices about password security. If spaces are removed, that lowers entropy and users may want to add additional characters or restrict spaces in their password generator.

    It may not be easy. You might have dozens of different client applications with different requirements or abilities. But it is simple: Figure out your best practices and your lowest common denominator. Then apply those rules to every password every time in every context.

    Alternatively, if you have clients which (for whatever reason) need a special case, create a separate hash for that special case and then use that only for that client. (Likely, this will reduce the overall security of the account, but if this is your lowest common denominator, allowing other clients to have greater security certainly doesn't hurt you.)

  • On a semi-related note I once had to help a coworker who couldn't log into a server using an auto-generated password listed like so:

    The password is p4ssw()rd.

    Turns out they didn't realize the period was part of the password.

Back in the day, I created an AOL password with CTRL-BACKSPACE in it. It worked when using the AOL software but when I tried to log into the website, it deleted the password.
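
The "apply password rules everywhere consistently" point from the thread, as an added example that is not part of any comment above: one canonicalization function is called on both the set-password and sign-in paths, and the mismatch case (one client stores the raw string, another trims) is reproduced next to it. The trim-only policy, the scrypt parameters and all function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import os


def canonicalize(password):
    """The single rule set every client and the server share.
    Assumed policy: strip leading/trailing whitespace, keep inner spaces."""
    return password.strip().encode("utf-8")


def _derive(data, salt):
    # scrypt parameters are illustrative, not a tuning recommendation.
    return hashlib.scrypt(data, salt=salt, n=2**14, r=8, p=1, dklen=32)


def enroll(password, canonical=True):
    """Return (salt, hash). canonical=False models a client that skips the rule."""
    salt = os.urandom(16)
    data = canonicalize(password) if canonical else password.encode("utf-8")
    return salt, _derive(data, salt)


def verify(password, record, canonical=True):
    salt, stored = record
    data = canonicalize(password) if canonical else password.encode("utf-8")
    # Constant-time comparison of the derived keys.
    return hmac.compare_digest(_derive(data, salt), stored)


def demo():
    typed = "correct horse "  # constructed sample with a trailing space

    # Inconsistent paths: enrollment stores the raw string, sign-in trims.
    # The user is locked out although they typed the same thing both times.
    mismatch = verify(typed, enroll(typed, canonical=False), canonical=True)

    # Consistent paths: the same rule at set time and at check time.
    record = enroll(typed)
    with_space = verify(typed, record)
    without_space = verify("correct horse", record)
    return mismatch, with_space, without_space


if __name__ == "__main__":
    print(demo())
```

With the shared rule, a stray trailing space from copy and paste no longer matters on any client, at the cost that leading and trailing spaces add nothing to the password.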