Should I trim spaces in a password field

Question

Just wondering.

We usually trim a user name in various forms in our ASP.Net application, whats the best practices for password fields.

i.e. should we remove

Answer 1

it depends by your business: if you want allow the users to create passwords with spaces at the end you should not do that. anyway instead of trim it it would be better to validate it and notify the user about an invalid password showing the reason in this case the white spaces

Answer 2

Don't trim spaces, since some users do include spaces in their passwords. If you don't want a space then just make it invalid to put spaces in a password.

Answer 3

Trim leading and trailing spaces and all other whitespace. It is actually a good practice for all common fields. Do not count these trailing and leading spaces towards minimum password length. Spaces in the middle of password are just fine. Please, never restrict what password can contain.

Answer 4

Leave the password as the user entered it.

You should never change silently a field put by a user, overall a password.

Answer 5

Do not trim the spaces, some may be use whitespaces in their password, application should be user-friendly as well as should be provide security, so dont trim the spaces.

Answer 6

It depends,

Some users copy their password from somewhere or fill in their password and copy paste it in the Confirm Password field. This sometimes gives a extra space before and after the password. A space will be encrypted as well while they didn't even realize a space was there.

While other users actually create passwords with spaces in.

It's totally up to you to decide your password policy. Just make sure it is very clear for the user what your password policy is. Either by alerting them if they used a space or alerting them using a space isn't allowed.