Do virtual keyboards promote weak passwords?


I’m quite big on password complexity. I like to use mixed case, numbers and special characters in my passwords.

Since having the iPad (and now the Android phone) I find it a real bind typing in strong passwords. The mixed case isn’t so bad, but I do have more login mistakes with the virtual keyboard. What really bugs me is having to switch keyboards two or three times to get all the special characters and numbers in. Every time I have to type a password on a mobile device I feel a certain tension…

My recent experience has left me thinking how nice it would be to have a weak password, preferably lower case letters only. So my next thought was, do virtual keyboards promote weak passwords?

Of course, I don’t expect anyone to comment and admit they have switched back to weak passwords, but it would be nice to know if anyone else feels my pain… 🙂



Author: Tim...

DBA, Developer, Author, Trainer.

7 thoughts on “Do virtual keyboards promote weak passwords?”

  1. I agree that the virtual keayboard has made it a bit tougher but i think I’m actually better off now. As Jake wrote, a password tool like 1Password allows me to have a lot of strong passwords, many of which I don’t even know. I only need to keep track of 1 master password to use them all.

  2. I remember a few years back a study done on US campus students. Interestingly, in terms of crack-ability from an anthropological viewpoint, numbers and special chars were of little benefit – because they always had some sort of meaning for the individual (birth date, etc etc)…

    The best correlation they found was that of password length and security…ie, length was more important than numbers/special chars etc…they very much emphasised the term ‘passphrase’ as opposed to ‘password’

    So you shouldn’t worry about all lowercase letters…just make sure there’s lot of them 🙂

  3. I also wonder if numbers used are just l337 replacements, such as sc0tt – I wonder what impact that would have?

    I think the issue will also depend on the virtual keyboard. When I used an iphone, I had this complaint. Now with the samsung, it’s not so bad because I just need to hold a letter down for half a second to get the number/punctuation underneath.

    I think virtual keyboards will evolve to something better every generation.

  4. On my phone I’ve started using passwords that I can just type as if predictive text was enabled (although of course it isn’t in a password field). For example, say I can remember the password ‘Kittens’. I just hit the keys [JKL] + [GHI] + [TUV] + [TUV] etc, and hold the last key (say) down until it becomes a number, so although I’m thinking ‘Kittens’ what I actually type is ‘Jgudm7’. On the desktop Firefox will remember it for me (I use the Secure Login add-on), and on the phone it’s easy to enter.

    Whether that helps on an iPad etc I don’t know, though.

Comments are closed.