Educause Security Discussion mailing list archives

Re: Password entropy


From: Roger Safian <r-safian () NORTHWESTERN EDU>
Date: Thu, 20 Jul 2006 08:20:31 -0500

At 04:55 PM 7/19/2006, Valdis Kletnieks put fingers to keyboard and wrote:
> On Wed, 19 Jul 2006 14:51:25 CDT, Roger Safian said:
>
>> BTW - I should also say that I am pretty sure that most users
>> will find it easier to type words rather than a mixture of
>> characters, although I have no real proof to back that up.
>
> An important consideration here is that a string of words is easier to type,
> which means that the typing speed goes up.  It's much harder to shoulder-surf a
> 10 word passphrase from somebody typing at 40wpm than it is to shoulder-surf 10
> random letters from the same somebody who has dropped to near hunt-n-peck
> speeds because the letters don't form a "natural" sequence.  I know *I* can
> type the first 10 words of Styx's "This Old Man" from the Crystal Ball album a
> lot faster than I can do the whole "This starts with T, Old starts with O, then
> M, H, T, M, M, T, T, U...."

Absolutely.  IMO, I think we have spent too much energy focusing on the strength
of the passphrase instead of the user experience.


--
Roger A. Safian
r-safian () northwestern edu (email) public key available on many key servers.
(847) 491-4058   (voice)
(847) 467-6500   (Fax) "You're never too old to have a great childhood!"
