Proposed new password metric: typability

It’s password renewal time at work, and it’s got me thinking about the best possible password. All the tips, tricks, literature, guidelines, rules, and automatic generators are obsessed with creating strong passwords. And that’s fine, I gave up easy-to-remember passwords a long time ago. But there’s another characteristics of a good password that nobody has yet addressed.

How easy is a password to type? How many times do you have to hold shift down? What about on your iPhone? How many times do you have to flip back and forth from one key layout to another? One password I have makes me flip no less than five different times.

That’s a pain in the ass.

I’d like to see this become a new metric in password generation. Let’s call it “typability.”

Here are three examples of 8 character passwords, rated “Strong 100%” at some Google-found password checker site.

1.)%i}’4[V

OMG. The generator I used for that one suggested you “remember” it this way, “) % ipod } ‘ 4 [ VIRGIN” to which I can only say… no. Plus, talk about hard to type. On a keyboard, that takes three trips to the Shift key, so five layout changes, or to put it simply, this 8 character password takes 11 keystrokes. On the iPhone, it takes 17 taps (!), shifting virtual keypads eight times! Talk about awful.

2.QW34+)(p

I came up with this one myself, moving roughly left to right on the keyboard, trying to stick with the shift key. On the keyboard it takes two visits to the shift key, so only three layout changes, and 10 keystrokes. But because the keys are close to each other, they are easier to type quickly. Does that make the password easier to crack? Possibly, but I don’t really know. On the iPhone keyboard, it takes 14 taps, shifting the keypad four times. Marginally better than the above. I’d remember this one as “Qwerty p”.

3.aS1$&:9′

I came up with this one, too, but on the iPhone. On a physical keyboard, it takes two shift key strokes, and 10 keystrokes, which is the same as the above (though it seems faster to me). But on the iPhone it takes only 10 taps, shifting the keyboard only once. Of course, I’d have to remember it as “assy sand ought nine uh” so that’s probably a problem.

So, I’m looking for a strong password generator that can also produce passwords that are easy to type on a keyboard, an iPhone keyboard, other keyboards (though I don’t personally care about them), and has mnemonic/memorable clues. I am curious about whether typability compromises password strength, too.

Anyone up for that? Lazyweb?

New Kicks

Got me some new kicks today:

New Kicks

My first time shopping for shoes online, after years of watching over Aprille’s shoulder. I went to a local store (a big box, not a local shopkeeper) and fitted myself for some Adidas. Size in hand, I went online to Zappo’s, and bought exactly the style I wanted (which they did not carry at the store I visited) in the size I needed. Two days, cheap(ish), with a liberal return policy. This is how to buy shoes.

For the interested: Adidas Originals Samba. Which is not to say the original Samba, which has a really long tongue you essentially have to fold over.