Here is the text of the NIST sp800-63b Digital Identity Guidelines.

  • portifornia@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    3 months ago

    I’m with you, despite seeing lemmings downvote the heck out of your comment 😢

    The reason, and specifically for whitespace at the beginning or end of a password, is that a lot of users copy-paste their passwords into the form, and for various reasons, whitespace can get pasted in, causing an invalid match. No bueno.

    Source: I’m a web developer who has seen this enough times that we had to implement a whitespace-trim validation for both setting & entering passwords.

    • orclev@lemmy.world
      link
      fedilink
      English
      arrow-up
      8
      arrow-down
      1
      ·
      3 months ago

      Trimming whitespace from the start and end of a password is fine but you absolutely should not remove whitespace from the middle of a password.