密码中应该允许空格字符吗? [英] Should whitespace characters be allowed in a password?

问题描述

我尝试了不同的站点/产品，这似乎被平均分配了. Windows 7和Gmail允许您在密码中插入空格. Hotmail和Twitter不会.

I've tried different sites/products and this seems to be split fairly evenly. Windows 7 and Gmail allow you to insert spaces in your password. Hotmail and Twitter do not.

虽然在密码中允许使用空格会增加密码的复杂性，但似乎许多站点/程序都不允许使用.是否有充分的理由允许/禁止空格?

While allowing spaces in a password increases the complexity of a password, it seems like many sites/programs do not allow them. Is there a good reason to allow/disallow spaces?

推荐答案

此SuperUser问题可能是相关的.

我认为您的观察是正确的:许多基于Web的系统仅接受字母数字和一部分符号字符(例如0-9A-Za-z/_-!)，但是我认为这只是历史惯例.也可能是程序员习惯于<space>字符定界字段，而不是在其中找到字符.

I think that your observation is accurate: many web-based systems accept only alphanumerics and a subset of symbolic characters (say, 0-9A-Za-z/_-!), but I think that this is simply historical convention. It may also be that programmers are used to the <space> character delimiting fields, rather than being found inside them.

还有一个可见性问题:如果您在密码中允许多个连续空格，那么用户可以轻松地对它们进行计数吗?系统是否可能将它们折叠成一个(就像没有HTML一样)?甚至可以简单，快速地识别单个空格字符吗?

There's also the issue of visibility: if you allow multiple consecutive spaces in a password, can the user easily count them? Might a system even collapse them into one (as unaided HTML would)? Can even a single space character be easily and quickly identified?

但是，许多其他类型的系统的确在密码中留有空格.我可能仍会偏离它们，只是为了防止用户混淆(如果人们确实习惯了密码中的空格无效，那么很多地方都带有空格的密码可能会使许多人感到困惑)，但是似乎没有任何技术上的区别原因不允许他们.

However, plenty of other types of systems do allow spaces in passwords. I'd probably still stray from them simply to help prevent user confusion (if people are indeed used to spaces in passwords being invalid, a password with a space in may be confusing to many), but there doesn't seem to be any technical reason not to allow them.

这篇关于密码中应该允许空格字符吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！