Saturday, January 15, 2011

Use Spaces in Your Windows Password for Extra Security

Use Spaces in Your Windows Password for Extra Security

Use Spaces in Your Windows Password for Extra Security

Your Windows password is your first line of defense against someone getting deeper into your system. It's not uncrackable, but you can make it tougher by adding a space—which, oddly enough, Windows is cool with.

That tip comes from (starred) commenter Java-Princess, who notes that Windows passwords not only allow ASCII characters that require key combos, but also spaces. Many password guessers might never guess at a space bar, because so few password systems allow them. And with spaces randomly inserted into a password, you could, as Java-Princess suggests, even write down your password, just omitting the spaces.

Security firm Symantec, in a post about Windows password myths, also supports the use of spaces, especially in the middle of a password to separate two uncommon words. Symantec does note that those close enough to listen to you type in your password might hear the distinct thwack of a keyboard, so you'd want to be discrete when you're feeling wary.

There could also be drawbacks to using spaces as your Windows password if you're trying to connect remotely to your system—we haven't tested it out yet, but feel free to let us know, sysadmin types. Otherwise, consider giving your Windows password some space.

Send an email to Kevin Purdy, the author of this post, at

  • Follow us to see the most popular stories among your friends -- or sign up for our daily newsletter below.

track'); track

Your version of Internet Explorer is not supported. Please upgrade to the most recent version in order to view comments.

I had a problem in highschool when I changed my password to something longer than 14 digits. It worked fine with their web-based password change app, but when I tried to log into a computer, I had to talk to a teacher to get it reset. I reset it to what I had typed before but still had the same problem.

She reported it to an admin and the admin said that passwords over 14 characters wouldn't work with their network. Knowing how parts of that network were setup, I wouldn't be surprised if spaces screwed it up as well. Reply

"So few password systems allow [spaces]."

Really? I've got a space in about 90% of my passwords. I've found that the password systems that don't allow spaces also don't allow for a bunch of special characters either. Reply

I like to use the space bar followed by the backspace key, a key combo which hardly ever knocks my foil hat off. Reply
Posco Grubb promoted this comment

I've locked myself out of at least one BIOS and a Linksys router in the past by using a password with a space in the middle it. Be careful, lots of websites and other software have bugs surrounding spaces in passwords as it's generally not something people test for. Reply
danielblakes promoted this comment
Edited by Hooray4Zoidberg at 01/14/11 7:25 AM

My brother bought one of those Microsoft Fingerprint Readers for logging in but stopped using it when he figured somebody might chop his hand off to break into his system.

Paranoid freak. He thinks he's James Bond or something. Reply

Jason promoted this comment

So if my password is 4 spaces, I can add a space to both ends and make it more securer? Reply
Jason promoted this comment

The problem with that in a situation where one is sometimes typing in the password where others can hear it, the spacebar makes a very distinctive sound.

Like when the M-1 Garand's clip ejects, it makes such a distinctive sound it was used by the other army to know when one was out of ammo in that clip.

Anyway, all passwords have weaknesses, and this is an easy fix. I recommend committing a very complicated password to memory. If one can have very different, but easy to remember, variations, this is even better, for using it on many websites. Reply

Jason promoted this comment

If you're seriously concerned about people typing in your password at random until they get it right, your password is either insecure enough that adding spaces won't help, or you're way too worried. Never mind that windows starts slowing down password checks after the first few failures, the 'security' just a windows password supplies is almost useless. Encrypt if you can, but otherwise adding gimmicks like a spacebar is unlikely to solve anything. Reply

All these password gimmicks are just that. Crackers will start throwing spaces and high-ASCII characters into their brute-force attempts just as soon as people start using them. You're better off using random, 16-character garbage-looking passwords for everything, and using a password manager to keep them. It's not too hard to have one or two truly strong passwords memorized for your password manager itself, or for a system you can't use the manager with. Reply

Huh. I did not know this. I think I'll utilize this when the IT center forces me to change my password again next school year... Reply

Please note, as stated at the Symantec link: "However, due to how some applications trim spaces, it is often best not to begin or end your password with a space."

Given the graphic you've chosen for this tip, I think providing this important point is essential. Reply

Unionhawk promoted this comment
Edited by KarateMedia at 01/14/11 5:43 AM

Your first line of defence should be a good strong router SPI and sensible firewall.

Physically, hell, forget passwords and go biometric already _ Reply

I've been using spaces in passwords for a very long time. Most of my important passwords have them in them actually. Not as confusing placements, as separation between words. Reply

Huh, nice tip. While I don't password-protect my personal laptop, this could be useful for my work laptop that makes me change the password every few months. It's hard to remember that many passwords guys! Reply

In order to view comments on you need to enable JavaScript.
If you are using Firefox and NoScript addon, please mark as trusted.

No comments:

Post a Comment