In this article we are going to demystify and answer one very important question when it comes to passwords. There are many people who are wondering whether it is a good idea to use spaces in passwords or not.
If you are also wondering, read on. Hopefully this article will answer all your questions.
Data breach, financial fraud, identity theft, you name it. These things are just not stopping.
In today’s digital world, it is an absolute paramount for your digital safety to use strong and secure passwords. Using strong passwords is always going to be the first line of defense to protect your online presence and your digital assets.
Let’s get started.
Can passwords have spaces?
Yes, passwords can contain spaces. There is absolutely no plausible reason for disallowing users to use spaces in the passwords. However, there might be certain situations where using of spaces is restricted, e.g. due to various technological limitations or obsolete (legacy) password policies.
Historically, using spaces in passwords was not a recommended practice (link), pointing out the fact that some major online platforms are not allowing it (link) along with a variety of other software not allowing it.
A lot has changed since then.
Today, practically all modern applications, systems and websites allow you to use spaces without a problem.
All major operating systems (Windows, Apple, Android or Linux), popular social media platforms (Facebook, YouTube, WeChat, Instagram, TikTok, Twitter, Pinterest ..), freemail providers (Gmail, Yahoo, Hotmail, ProtonMail, AOL Mail ..) and practically any other modern software or online service, will allow you to use a space character in your password without any problem.
Should you use spaces in passwords?
Absolutely!
Using spaces in passwords is an excellent idea, because it significantly improves the security (strength) of your passwords. It helps to protect your accounts from attackers who might be trying to guess your passwords, crack them, or employ brute forcing in order to compromise your accounts.
A space in your password will in effect transform your password into a passphrase and using passphrases is one of the most recommended security practices.
You should be definitely doing it whenever you can!
Are passwords with spaces more secure?
In most cases they are.
Passwords containing at least one space character are in general more secure than passwords without spaces. This is because passwords with spaces tend to be more complex, more difficult for attackers to crack, or guess. In most cases, using spaces will greatly enhance security of your passwords.
Here are the top 4 reasons why using spaces in passwords is such a great idea:
- It increases complexity of your password, which makes it harder for attackers to guess or crack your password.
- Using space in passwords will naturally lead you to use passphrases, which is the top recommended practice throughout the security industry.
- Passwords with spaces are generally harder to crack using commonly available password lists or a password cracking software.
- Practically all publicly available password lists, that are typically used for password cracking, contain only a small fraction of passwords with spaces.
All this will ultimately contribute to the security of your password, lowering the risk of attackers succeeding in breaking into your account, or cracking your password hash.
Why space is not allowed in password on some websites?
Some websites or software may be dependent on an outdated (legacy) technology that for some reason doesn’t allow you to have spaces in passwords. Needless to say, such limitations are usually groundless and might signal that the product was built with a weak security model in mind.
Disallowing people to use spaces in their passwords should be a thing of the past, because in today’s world there are no technological limitations that would merit imposing such a crippling and unnecessary restrictions.
What to do if you cannot use spaces in your password?
If you are not allowed to use spaces in your password for some reason, you can still create a quality, complex and secure password using other characters. Instead of the space character, simply use a dot, dash or an underscore. This will still allow you to create secure, passphrase-like password.
Here’s an example how it would look practically:
- Instead of typing this passphrase:
This 1s My Very S3CR3T Password!!
- You could type:
This-1s-My-Very-S3CR3T-Password!!
All the security features, advantages and strength of the passphrase are still preserved.
Can WiFi passwords have spaces?
Yes, WiFi networks can be configured with space characters in the password in any security mode (WEP, WPA / WPA2 / WPA3 PSK or Enterprise). However, keep in mind that not all WiFi capable devices (such as various smart accessories and gadgets), support spaces as well! This can cause problems.
For instance, it has been reported that certain Anker products (namely the Anker Eufy Smart Wireless WiFi Plug or the Anker Homebase 2 system) have a problem in their app that will not let you specify a space character in the password field, when setting up these gadgets.
With no fix, there is nothing you can do other than to change your wireless password in your router and reconfigure all your devices.
Therefore when it comes to WiFi networks, it is prudent to avoid using spaces in the password and choose some other special character instead.
How can you create a strong and secure password?
Password strength is a topic that keeps evolving as the technological capabilities keep advancing. One strong trend is to use passphrases over passwords, because they are generally easier to remember and are naturally very long. But as there are weak passwords, there are also weak passphrases.
Here’s what the Center for Internet Security (CIS) recommends in their current Password Policy Guide:
- Use passphrases instead of passwords – Length is the most important aspect of a good password.
- Don’t use words related to your personal information – Avoid things that attackers can look up about you on the Internet.
- Limit using dictionary words – Use non-dictionary alternatives in your passphrases.
Furthermore, take advantage of the following options that you have today:
- Use Multi-Factor Authentication (MFA / 2FA) – Present two, or more pieces of evidence when logging into an account.
- Use password managers – Keep your passwords safe in a vault, without the need of remembering any of them.
- Enable account lockout mechanisms – Enforce temporary accounts lockouts after several consecutive failed attempts, or use time doubling login throttling.
Lastly, there are 2 additional points that are worth keeping in mind (borrowed from the Schneier on Security blog):
- Never reuse a password you care about – Even if you choose a secure password, the site it’s for could leak it because of their own incompetence.
- Beware of the “secret question” – You don’t want a backup system for when you forget your password to be easier to break than your password. Really, it’s smart to use a password manager.
Conclusion
Hopefully this article provided you with some actionable advice when it comes to dilemma of using spaces in passwords.
It is my hope that you will never have to deal with identity theft or a stolen account, because it is typically more than a major headache to deal with and to recover from.
If you found some value here, please consider subscribing and following InfosecMatter on Twitter, Facebook or Github to keep up with the latest developments.
SHARE THIS
MOST VIEWED TOOLS
