Phones and tablets are going to change what sort of passwords I use

August 29, 2016

For a fairly long time now I've been using strong random passwords for websites and other Internet authentication needs (as covered here). These random passwords are generated from an alphabet of upper case, lower case, and numbers; a typical twelve-character one is Hx35n7uVmTaS (I have a script that generates a few of them for me). Although cutting and pasting them into browsers is the easiest and best approach, they work out okay even if I have to enter them by hand on a computer.

Then I got an iPad Mini at work and suddenly the pain began. All of those nice random passwords turned out to be a complete pain to enter on the iPad's software keyboard. You see, on the iPad, lower case is one keyboard bank, upper case is another, and digits are a third bank. Every time one of my random passwords had a lower case letter followed by an upper case letter or a number, that's a bank shift, and bank shifts really slow you down (or at least they slow me down). Naturally, all of my strong random passwords had a lot of bank shifts; some of them shifted practically every character.

It's become clear to me that I very much want a different sort of random password for any password I'm going to be entering on a tablet (or on a future smartphone). A mixture of lower case and something else is somewhere between a good idea and necessary, but I don't want very many shifts between the two (or three); instead I probably want relatively large blocks of the same sort of character.

All of this is interesting to me because I had not previously really thought about how input methods strongly influence the sort of passwords we want to use. Which, well, of course they do. If you have to enter passwords at all, many people are only going to be willing to put up with so much pain. They're naturally going to pick passwords that are reasonably easy to enter in whatever they're using, whether this is a computer, a phone or a tablet, or something with an even more restricted or awkward text entry methods.

(And if you generate random passwords for people, for example for VPN access, you may want to think about how and where people will be entering them. Of course in most situations people only enter them once, but still.)

Written on 29 August 2016.
« My logic of blocking certain sorts of attachments outright
Bourne's getopts sadly makes simple shell scripts more cluttered and verbose »

Page tools: View Source, Add Comment.
Search:
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Mon Aug 29 00:13:53 2016
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.