Can Passwords Have Spaces? Surprising Secrets To Passphrases

Do you remember your first password? I used “password” for my Juno email and internet service back in 1996, and I thought it was very clever at the time. But now, I cringe at how easily guessed that would be. With experts urging us to move away from passwords and at least towards passphrases, I wondered whether my passwords could include spaces.

Generally, passwords can have spaces for many online services and device operating systems. Some accounts with outdated security models may restrict the space key, while others fully support it. The space character is a useful addition to turn a password into a passphrase, which is harder to crack.

If you’re allowed to use spaces in your password, then use them to make your password harder to crack. Most users don’t know this secret, and it can make your account more resilient to attacks. You’d be surprised what online services support using the space character in passwords…I mean passphrases.

There are quite a few popular sites that allow passwords with spaces. Here’s a table of what I tested:

Social Media Sites | Mail Service Providers
Facebook | Gmail
Twitter | Yahoo
Instagram | Outlook
TikTok | AOL Mail
YouTube | Proton Mail

You have two options if you encounter a site that does not allow passwords with spaces.

  • use a special character like a dash or underscore as a replacement for the would-be space character
  • use a password generator to generate a strong password

In either case, storing the passphrase or password in your password manager is critical.

Why Can’t Your Password Have Spaces Sometimes

There are two significant cases where websites may disallow your password with spaces. The first scenario is in the case of outdated security models, and the second is to avoid confusion.

Outdated Security Models

In the early days of computing, many systems used a “blank delimited” approach to passwords. This means the password was divided into pieces at every space character, and each piece was treated as a separate word.

These outdated security models were created with limitations in an era where password hacks were less common.

Nowadays, dictionary and brute force attacks are a huge problem, with big names like Yahoo experiencing major password breaches.

Having and using spaces in passwords helps to foil these attempts.

To Avoid Confusion

Another reason passwords with spaces may be disallowed is to avoid confusion. When you enter your password, it’s easy to add extra space characters accidentally before or after the password. For that reason, some login systems trim off spaces at the beginning or end of passwords.

For example, the string “ password” (note the space before the word “password”) may be seen by the system as “password”, without the space.

True Story: I’ve personally had to program authentication with this additional logic. My company had far too many tickets from users that couldn’t log in due to their accidental inclusion of a leading or trailing space character.
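The trimming logic described above only helps when sign-up and login apply the same rule. The sketch below is an added example, not code from the author's system; the function names, the PBKDF2 work factor and the sample passphrases are assumptions. It trims edge spaces, keeps interior spaces, and shows the lockout that results when only the login path trims.

```python
import hashlib
import hmac
import os

ROUNDS = 200_000  # assumed PBKDF2 work factor for this example


def normalize(secret: str) -> str:
    """Drop accidental leading/trailing spaces; interior spaces are kept."""
    return secret.strip(" ")


def _hash(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, ROUNDS)


def enroll(secret: str, trim: bool = True) -> tuple[bytes, bytes]:
    """Return (salt, hash). trim=False models a sign-up form that stores
    the passphrase exactly as typed, edge spaces included."""
    salt = os.urandom(16)
    return salt, _hash(normalize(secret) if trim else secret, salt)


def verify(secret: str, salt: bytes, expected: bytes) -> bool:
    """Login path: always trims, then compares in constant time."""
    return hmac.compare_digest(_hash(normalize(secret), salt), expected)


if __name__ == "__main__":
    # Constructed sample passphrases.
    salt, stored = enroll("correct horse battery staple ")
    # Edge spaces are ignored on both paths, so this login succeeds.
    print(verify(" correct horse battery staple", salt, stored))
    # Interior spaces are part of the secret, so this login fails.
    print(verify("correcthorsebatterystaple", salt, stored))
    # Sign-up kept the trailing space but login trims it: the user is
    # locked out even when typing exactly what they registered.
    salt2, stored2 = enroll("tea kettle ", trim=False)
    print(verify("tea kettle ", salt2, stored2))
```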

Another point of confusion is user acceptance. Most people do not understand that the space character is perfectly legal to use in a password, making it a passphrase.  

Another True Story: A technician requested the use of our guest Wi-Fi. I showed him the sign displaying our passphrase. He could not wrap his head around the need to use the space key when entering the passphrase. 

Okay, if passwords can (mostly) have spaces in them, you might wonder if it’s worth it.

Are Passwords With Spaces Safer?

According to Verizon’s annual Data Breach Investigations Report (DBIR) in 2018, weak passwords accounted for 81% of all data breaches. I guess that you don’t want to be in that 81%.

Using passphrases is one of the most effective ways to maintain your online accounts, according to BeyondTrust – an independent software, identity, and vulnerability firm.

To turn your one-word passwords into passphrases, include spaces within them.

A Passphrase

Passphrases are highly secure and rarely found on password trading markets. Did you know there is a market where stolen passwords are traded, much like a trading store?

However, do not use common passphrases that can be found online or passphrases from pop culture like song lyrics.

Logically, passphrases are an innovative and safe way to secure your account. Since most password-hacking software and tools are not designed for passwords with spaces, someone trying to guess your password would ordinarily not add spaces to their guess. 

Spaces will significantly reduce the susceptibility of your account to brute force and exhaustive guesses; hence, the security of your password is considerably stronger. 

Additionally, most password directories available to hackers online rarely contain passwords with spaces.

A cybersecurity team member at Proton Mail rightly remarks:

Unlike complex one-word passwords with lots of special characters, passphrases are easy to remember. If your ‘secure system’ isn’t easy to use, people won’t use it, negating the security benefit.

This means that a passphrase will offer you top-notch security and ease of remembrance. Killing two birds with one stone…that sort of thing!
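To put numbers on passphrase strength, the added example below (not from the original article) generates a random passphrase and estimates its guessing cost in bits, with the dash fallback for sites that reject spaces. The word list is a constructed 16-word sample, and the 7776-word figure assumes a Diceware-style list. The estimate assumes words are chosen uniformly at random and that the guesser knows the list and the separator, so the strength comes from the number of random words.

```python
import math
import secrets

# Constructed 16-word sample list so the block runs offline. It is far too
# small for real use; a Diceware-style list has 7776 words.
WORDS = ["anchor", "breeze", "candle", "dragon", "ember", "forest", "garden",
         "harbor", "island", "jungle", "kettle", "lantern", "meadow",
         "nickel", "orchid", "pebble"]


def generate(n_words: int, separator: str = " ", words=WORDS) -> str:
    """Pick n_words uniformly at random with a CSPRNG and join them."""
    return separator.join(secrets.choice(words) for _ in range(n_words))


def passphrase_bits(n_words: int, list_size: int) -> float:
    """Guessing cost in bits; the separator does not enter the formula."""
    return n_words * math.log2(list_size)


def random_password_bits(length: int, alphabet_size: int) -> float:
    """Guessing cost in bits of a fully random character password."""
    return length * math.log2(alphabet_size)


def words_needed(target_bits: float, list_size: int) -> int:
    """Smallest word count that reaches target_bits for a given list."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    print(generate(4))        # for a site that accepts spaces
    print(generate(4, "-"))   # fallback for a site that rejects them
    # Four words from a 7776-word list vs. 8 random characters drawn
    # from the 94 printable ASCII characters.
    print(round(passphrase_bits(4, 7776), 1))
    print(round(random_password_bits(8, 94), 1))
    print(words_needed(64, 7776))
```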

Can Wi-Fi Passwords Have Spaces?

Not all Wi-Fi devices allow spaces in their passwords.

Unfortunately, you can do little to nothing about that; it depends more on the type of Wi-Fi device or router you have and what password settings the manufacturer allows.

The firmware for routers and Wi-Fi access points is usually a few steps behind in implementing password practices. If allowed, it’s a great idea to use spaces for your Wi-Fi password.

As I said earlier, we do.

Now that you have a strong password (I mean passphrase), where do you store it? In a password manager or your memory?

Read on to get answers to this second password dilemma.

Password Managers vs. Your Memory

Experts recommend doing away with password memorization.

From a user-experience standpoint, memorization is both risky and inefficient; a password manager is more efficient at making all your passwords more secure.

The challenge with memorizing passwords is that humans are bad at remembering random things, so if your password is a random combination of words, you’d have a harder time remembering it; this technically limits how complex your password can be.

On the other hand, a password manager can help generate, store, and auto-fill strong passwords for all your accounts. The only thing you’ll need to remember is the ONE master passphrase for your password manager – which should absolutely contain spaces.

Check out Bitwarden and KeePass as good free and open-source software (FOSS) password managers.

Remember, there’s a lot at stake if your password is leaked in a data breach