On Tue, Dec 28, 2010 at 17:13, Paul M Foster <paulf@xxxxxxxxxxxxxxxxx> wrote: > If users want to embed spaces in their passwords, well and good. But at > the beginning or end? No. Trim them. As mentioned elsewhere, I suspect > this is mostly because of copying and pasting. > A leading space in a password is a terrific defence against accidentally entering the password at the CLI and having it saved to history. I've done that, not noticing that I was getting an SSH error instead of a password prompt, and had the password in the history of a machine that I couldn't erase the history of. Another defensive password method is to end the password with "&lang=en" to foil poorly-written web apps who GET the submission form. I don't want my password stored in a webserver logfile somewhere as a querystring, so disguising part of the password as a GET variable helps. A password that takes advantage of both these features might be " John123Lennon&lang=en" which is easy to type, easy to remember, very long and contains a wide variety of characters. Trimming spaces would _not_ be what a user of this password would want. And yes, I'm the OCD geek with such passwords. -- Dotan Cohen http://gibberish.co.il http://what-is-what.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
