2016-08-29
Phones and tablets are going to change what sort of passwords I use
For a fairly long time now I've been using strong random passwords for websites and other Internet authentication needs (as covered here). These random passwords are generated from an alphabet of upper case, lower case, and numbers; a typical twelve-character one is Hx35n7uVmTaS (I have a script that generates a few of them for me). Although cutting and pasting them into browsers is the easiest and best approach, they work out okay even if I have to enter them by hand on a computer.
Then I got an iPad Mini at work and suddenly the pain began. All of those nice random passwords turned out to be a complete pain to enter on the iPad's software keyboard. You see, on the iPad, lower case is one keyboard bank, upper case is another, and digits are a third bank. Every time one of my random passwords had a lower case letter followed by an upper case letter or a number, that's a bank shift, and bank shifts really slow you down (or at least they slow me down). Naturally, all of my strong random passwords had a lot of bank shifts; some of them shifted practically every character.
It's become clear to me that I very much want a different sort of random password for any password I'm going to be entering on a tablet (or on a future smartphone). A mixture of lower case and something else is somewhere between a good idea and necessary, but I don't want very many shifts between the two (or three); instead I probably want relatively large blocks of the same sort of character.
All of this is interesting to me because I had not previously really thought about how input methods strongly influence the sort of passwords we want to use. Which, well, of course they do. If you have to enter passwords at all, many people are only going to be willing to put up with so much pain. They're naturally going to pick passwords that are reasonably easy to enter in whatever they're using, whether this is a computer, a phone or a tablet, or something with an even more restricted or awkward text entry method.
(And if you generate random passwords for people, for example for VPN access, you may want to think about how and where people will be entering them. Of course in most situations people only enter them once, but still.)
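The trade-off described above can be measured. The following is an added example, not the script mentioned in the post: it counts bank shifts in a password and generates a block-structured one that matches the strength of twelve characters drawn from the 62-character alphabet. The lower/digit/lower layout, the four-digit block and all function names are assumptions made for illustration, and the entropy figure assumes an attacker knows the layout.

```python
import math
import secrets
import string

# The three iPad software-keyboard banks described in the post.
BANKS = {"lower": string.ascii_lowercase,
         "upper": string.ascii_uppercase,
         "digit": string.digits}

def bank_of(ch):
    for name, alphabet in BANKS.items():
        if ch in alphabet:
            return name
    raise ValueError(f"character {ch!r} is outside the three banks")

def bank_shifts(password):
    """Number of adjacent character pairs that sit in different banks."""
    banks = [bank_of(c) for c in password]
    return sum(a != b for a, b in zip(banks, banks[1:]))

def entropy_bits(layout):
    """Entropy of a password drawn uniformly within a fixed, public layout."""
    return sum(n * math.log2(len(BANKS[bank])) for bank, n in layout)

def generate(layout):
    """Draw every character of every block with the OS CSPRNG."""
    return "".join(secrets.choice(BANKS[bank])
                   for bank, n in layout for _ in range(n))

def lower_needed(target_bits, digits=4):
    """Lower-case characters needed, on top of one digit block, to reach target_bits."""
    remaining = target_bits - digits * math.log2(10)
    return max(0, math.ceil(remaining / math.log2(26)))

if __name__ == "__main__":
    uniform_bits = 12 * math.log2(62)  # the post's twelve-character style
    sample = "Hx35n7uVmTaS"            # the example password from the post
    print(f"{sample}: {bank_shifts(sample)} shifts, {uniform_bits:.1f} bits")
    n = lower_needed(uniform_bits)
    # Assumed shape: two lower-case blocks around one digit block.
    layout = [("lower", n - n // 2), ("digit", 4), ("lower", n // 2)]
    pw = generate(layout)
    print(f"{pw}: {bank_shifts(pw)} shifts, "
          f"{entropy_bits(layout):.1f} bits, {len(pw)} chars")
```

The block-structured password comes out at seventeen characters instead of twelve: the smaller per-character alphabets are paid for in length, not in strength.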