Here is the text of the NIST sp800-63b Digital Identity Guidelines.

  • @[email protected]
    link
    fedilink
    English
    13 months ago

    I’m with you, despite seeing lemmings downvote the heck out of your comment 😢

    The reason, and specifically for whitespace at the beginning or end of a password, is that a lot of users copy-paste their passwords into the form, and for various reasons, whitespace can get pasted in, causing an invalid match. No bueno.

    Source: I’m a web developer who has seen this enough times that we had to implement a whitespace-trim validation for both setting & entering passwords.

    • @[email protected]
      link
      fedilink
      English
      83 months ago

      Trimming whitespace from the start and end of a password is fine but you absolutely should not remove whitespace from the middle of a password.