Month: October 2009

Proposed new password metric: typability

It’s pass­word renew­al time at work, and it’s got me think­ing about the best pos­si­ble pass­word. All the tips, tricks, lit­er­a­ture, guide­lines, rules, and auto­mat­ic gen­er­a­tors are obsessed with cre­at­ing strong pass­words. And that’s fine, I gave up easy-to-remem­ber pass­words a long time ago. But there’s anoth­er char­ac­ter­is­tics of a good pass­word that nobody has yet addressed.

How easy is a pass­word to type? How many times do you have to hold shift down? What about on your iPhone? How many times do you have to flip back and forth from one key lay­out to anoth­er? One pass­word I have makes me flip no less than five dif­fer­ent times.

That’s a pain in the ass.

I’d like to see this become a new met­ric in pass­word gen­er­a­tion. Let’s call it “typa­bil­i­ty.”

Here are three exam­ples of 8 char­ac­ter pass­words, rat­ed “Strong 100%” at some Google-found pass­word check­er site.

1.)%i}‘4[V

OMG. The gen­er­a­tor I used for that one sug­gest­ed you “remem­ber” it this way, ”) % ipod } ’ 4 [ VIRGIN” to which I can only say… no. Plus, talk about hard to type. On a key­board, that takes three trips to the Shift key, so five lay­out changes, or to put it sim­ply, this 8 char­ac­ter pass­word takes 11 key­strokes. On the iPhone, it takes 17 taps (!), shift­ing vir­tu­al key­pads eight times! Talk about awful.

2.QW34+)(p

I came up with this one myself, mov­ing rough­ly left to right on the key­board, try­ing to stick with the shift key. On the key­board it takes two vis­its to the shift key, so only three lay­out changes, and 10 key­strokes. But because the keys are close to each oth­er, they are eas­i­er to type quick­ly. Does that make the pass­word eas­i­er to crack? Pos­si­bly, but I don’t real­ly know. On the iPhone key­board, it takes 14 taps, shift­ing the key­pad four times. Mar­gin­al­ly bet­ter than the above. I’d remem­ber this one as “Qwer­ty p”.

3.aS1$&:9′

I came up with this one, too, but on the iPhone. On a phys­i­cal key­board, it takes two shift key strokes, and 10 key­strokes, which is the same as the above (though it seems faster to me). But on the iPhone it takes only 10 taps, shift­ing the key­board only once. Of course, I’d have to remem­ber it as “assy sand ought nine uh” so that’s prob­a­bly a prob­lem.

So, I’m look­ing for a strong pass­word gen­er­a­tor that can also pro­duce pass­words that are easy to type on a key­board, an iPhone key­board, oth­er key­boards (though I don’t per­son­al­ly care about them), and has mnemonic/memorable clues. I am curi­ous about whether typa­bil­i­ty com­pro­mis­es pass­word strength, too.

Any­one up for that? Lazy­web?

New Kicks

Got me some new kicks today:

New Kicks

My first time shop­ping for shoes online, after years of watch­ing over Aprille’s shoul­der. I went to a local store (a big box, not a local shop­keep­er) and fit­ted myself for some Adi­das. Size in hand, I went online to Zap­po’s, and bought exact­ly the style I want­ed (which they did not car­ry at the store I vis­it­ed) in the size I need­ed. Two days, cheap(ish), with a lib­er­al return pol­i­cy. This is how to buy shoes.

For the inter­est­ed: Adi­das Orig­i­nals Sam­ba. Which is not to say the orig­i­nal Sam­ba, which has a real­ly long tongue you essen­tial­ly have to fold over.