Last Updated: February 25, 2016
·
980
· alesf

Stronger passwords with space

250.000 Twitter accounts were compromised yesterday. It's nothing compared to LinkedIn 6.5 million in June 2012, but it shows that even big guns have security holes and that it's really good to have a strong password.

So not using only letter and numbers is a good idea.
Special characters from ASCII table are 100% safe to use (I still don't know why some developers are still sticking with iso-8859-1 encoding):

@`!"#$%&'()*:+;[{<\-=]}.,>^~/?_

The Twitter blog gives security tips about passwords and it reminded me that no one ever mentions one character ...

'space'

I haven't heard of or came across one example where password was trimmed, fiddled with or validated to the extent of preventing you from using certain characters, so I think it's safe to use a space in passwords and it provides even more security.

I don't know if brute force or any other method for decrypting password includes space as a possible character, but I doubt it.

P.S.: I wonder if it would be possible to use 'tab' or any other ASCII character from 0 to 1F

3 Responses
Add your response

The major problem is not the choice of characters but the length of the password. Suprisingly many services support only 12 or 16 characters maximum.

As gpu farms for cracking become affordable one should use something like pass phrases e.g. real sentences with mixed in numbers and special characters. With that you can easily reach "password lengths" of 80 chars or more.

After all its just about statistics. ;-)

over 1 year ago ·

@jan0sch You're right, but using space doesn't hurt. Especially for personal attacks. If nothing else - 80 charater password would be a pain to write for every authentication :)

over 1 year ago ·

@alesf Of course the more characters the better. Thats what I meant with "real sentences". Just hack in some verses of a poem and you should keep the brute force farm busy for some time. :D

over 1 year ago ·