January 04, 2011
In the more than thirty years I have been using computers I've had a lot of passwords. Some formed to very complex rules, others to very simplistic rules or no rules at all. Until very recently all my passwords were entered into the computer using a standard keyboard. Starting a year ago, however, with a chance to use Sibylle's iPod Touch, I discovered that some of my password techniques were reliant upon the keyboard itself, and that mobile devices often take great liberties with the layout and availability of certain keys.
Over the summer I got my first smartphone, an Android-based HTC Droid Incredible, and in the last two weeks through work I have acquired an iPad. Both of these devices have touch keyboards as their primary input mechanisms and neither fully supports some of the password creation rules imposed by some of the systems I interact with.
For better or for worse most places requiring passwords today impose some set of rules designed to create passwords that are presumed to be harder to guess or otherwise "hack." Mostly what these rules do is insure that people write their passwords down. A typical set of rules might look something like this:
Here's how: just pick a starting key, say the 4-key, and a pattern, angle down to the left for four keys and then right for four more keys, and start with the first two keys shifted to get: $Rfvbnm,.
The problem as we'll see in a moment is that entering this pattern on a touch keyboard is much more involved than on a traditional tactile keyboard.
The iPad (and iPod Touch, and I assume iPhone) has three keyboard layouts; what I will call the ABC-layout, the 123-layout, and the #+=-layout.
Using the example pattern described above, you'd have to change to the 123-layout to enter the $ and 4, then to the ABC-layout for the Rfvbnm (making sure to tap shift for the R), and finally back to the 123-layout for the ending comma. Ugh.
The default Android touch keyboard takes a slightly different approach to things, putting two characters on each key and allowing you to "long press" a key to get the secondary symbol. There are three layouts: the ABC-layout, the Symbol-1-layout and the Symbol-2-layout.
Using my example password, $Rfvbnm, you would start with a long-press of the 4$ key to get the $ character, then tap the shift key to type the capital R, then the vbnm keys for the next four characters (taking care to note that the key layout is slightly skewed from the typical computer keyboard), and finally touching the comma key which is down next to the spacebar. Again, ugh.
There is a very intriguing alternative keyboard/input system for Android called Swype. With Swype you "draw" each word by sliding your finger from character to character. When you lift your finger, Swype starts a new word. I find this input method to be the fastest for entering text and really wish there was a similar option for Apple's iOS platforms.
There are four Swype layouts: ABC-lowercase, ABC-uppercase, Symbol-lowercase, and Symbol-uppercase.
Even though drawing words is Swype's forte, entering passwords doesn't really lend itself to that input method, so you wind up tapping out individual characters when in Swype input mode. Using the example $Rfvbnm, password again, you'd long-press the S$ key, then touch shift R, then fvbnm, and finally the comma, down by the space bar. Once again, ugh.
It is worth noting that both the default Android input method and Swype offer voice-to-text input which works extremely well, and is useful for those surreptitious I'm-not-texting-while-driving-messages.
It is possible to get software like LastPass or 1Password that will remember all your passwords and that will work across all computing platforms (Windows, Mac OS X, Linux, iOS, and Android) but I haven't made the leap to one of these tools yet. I do use a password database that lives on my primary computer to help me remember passwords, but I have to go there to look them up. A password manager would integrate with your browser(s) and automatically insert passwords as you needed, and offer to store new ones (or even generate extremely strong passwords for you). My hangup with these is learning to trust that my passwords are safely stored in "the cloud" somewhere and that I'm not going to be left high and dry should the company fold at some future date.