It is common knowledge that a strong password contains characters from the largest character set possible; that is, a password made up of letters (A-Z) is weaker than a password consisting of letters and numbers, which is weaker than a password that contains letters, numbers, and symbols such as $, @, or &. This is because the larger the character set, the longer it will take to guess or crack the password.
History has shown that users will choose passwords that have the following qualities, in order of importance:
- Easy to remember.
- Easy to input.
- (If at all) hard to guess.
A memorable password is worthless if it takes more than a few seconds to type, and an easily typed password is worthless if it can’t be remembered. So typically, savvy computer users will pick a password that strikes a balance between the first two qualities, and some might take a moment to make it harder to guess by appending an arbitrary letter or number to the end. This is what causes passwords like password4 or vikings96.
But when using the Apple iPhone to enter text in a password field, what characters is the user presented with?
Letters only, with numbers and symbols hidden in secondary and tertiary keyboards. The extra effort needed to find and type a number (or an underscore, in the third keyboard removed) each time they enter a password will cause some people to either change their current passwords to be alphabetic or at least do so when choosing new passwords. If Apple wanted to encourage good password selection, the keyboard for a password field should at least look something like this:
The shift key would transform 0-9 into their traditional shift alternatives, and all of the keys would still be available in a secondary menu, if desired. However, if Apple wanted to make a truly game-changing move, they’d make the default password keyboard look like this:
Of course, that might be a little drastic. :-)