I have found that putting spaces in passwords is a great way to make a simple password very secure. Hardly anyone uses spaces in passwords so it is a good way to "trick" the hackers. Although I'm not sure if hacker technology uses spaces when guessing passwords
It is but you need to have some other means to stop SQL injections. The best way to protect your forms is to limit the type of characters that can be submitted from your forms. Limit, or slow down the automatic submissions/guesses. Provide means to generate false positives, etc. Use not just spaces, but other $#_@^ characters, digits. But protect your server from shell, SQL injections.
Even better is to use characters not found on regular keyboards. Because those aren't listed by default in bruteforce apps & scripts.
Is it possible to use the character map found in System Tools? Nobody would be able to get through the Hebrew letter aleph!
why so complected? Just use a non-vocabulary password more than 7 chars and a few numbers there. For example the password "ngFDbn45" will be enough secure, since it is almost impossible to bruteforce such password. it will take a LOT of time to do that.
My password for my sites is the same as my school password, which begins with a number, followed by 5 random letters, then another number. So it is really safe. Perhaps I gave too much information about my password right there? But then one would have to still find my name, then my school, then somehow hack their system and get my password. I think I'm safe.
Last I use password with html code + space and it very strong. For example I want to pass='123456' but I use: pass='<u>1 23456 </u> Between 1 and 2 is 3 spaces, after 6 is 2 spaces but keylog detect my pass='1 23456' only. Very strong and hard to decrypt