Why do some apps/sites require you to use or not use certain characters when creating a password.
For instance below are JetBlue's requirements.
Your password must be 8 – 20 characters long. Only alphanumerical characters, spaces, dashes and underscores are allowed.
Both the use/restriction of special characters in passwords is related to improving different aspects of security.
When a site requires you to use passwords with certain minimum length or include atleast one numeric character, special character and so on. They want to force the user to create a strong password that is less susceptible to brute force attacks (i.e.. 12345 is not gonna fly).
Similarly, restricting certain characters/length can be considered a (weak) defense mechanism against attacks like SQL injection. Although keep in mind that front end restrictions can be easily bypassed by an attacker. In addition, websites may place restriction on certain character (like whitespaces) depending on how they parse/process passowrds. In general, limiting passwords is in itself not a good idea.
