So I have been ongoing'ed. 8-) Tim Bray writes about the frustration of picking a password so that paranoid systems will allow it and you will actually be able to use it at the same time, and he quoted my reply to him (cutting it a bit too much, I'd say). So here it is in full (slightly edited):
I'm not sure if it affects the security of the password significantly, but when creating a password I choose random keys that are easy to write — alternating the fingers and trying it out. The commonly used passwords, even historical ones, are completely in my muscle memory.
This is also a fairly good defense against shoulder surfers trying to see what I'm typing — I type it very fast, usually sans mistakes, and it's random enough that a looking person won't get it.
Posted at 1615 on Sun, Nov 6, 2005 in category Ideas | TrackBack