On Tue, 2010-12-28 at 14:49 +0200, Dotan Cohen wrote:

> I seem to have an issue with users who copy-paste their usernames and
> passwords coping and pasting leading and trailing space characters.
> The obvious fix was to trim() the values that I receive, but I worry
> how that would affect users who use a space at the beginning or end of
> their password. Of course, if I trim() also when the user is setting
> his password then he will never know that his password is really 1
> digit shorter, but do I really want to do that? Thoughts? Thanks!
> -- 
> Dotan Cohen
> http://gibberish.co.il
> http://what-is-what.com

The copy-paste thing I've noticed only really seems to happen on
Windows, particularly with Outlook. The thing I always tell people if
I'm emailing people a password is that they should type it out rather
than copy paste to avoid these issues. The whitespace usually seems to
consist of newlines and carriage returns, so you could try stripping
those two characters out specifically rather than a full trim().

As you've said, a user might want a space in their password, and should
be allowed to use them. Maybe add a footnote to the password field
reminding people about accidental copied characters, and perhaps a
Javascript counter that displays the number of characters used in the
password field (as a lot of people know their password length but find
counting the password character in a field difficult because the
characters are all the same and the eyes can't follow easily)


Reply via email to