The Impact of Keyboard Type on Users' Perceptions of Password Strength

Abstract

With the proliferation of mobile touchscreen computers, password entry no longer takes place exclusively on physical keyboards. Entering a strong password on a mobile device requires a person to navigate through multiple keyboard depths to access each character, while entering the same password on a desktop keyboard only requires a user to press keys that are accessible on a single layer. This paper investigates whether the extra physical and cognitive effort associated with using multiple levels of onscreen keyboards changes users' perceptions of password strength. Sixty participants judged perceived security by typing 36 passwords with a differing number of keyboard level transitions on either a mobile device or a desktop keyboard. Analysis revealed that passwords requiring a user to transition between keyboards increased perceptions of security. Passwords that required the use of the shift key on a desktop keyboard returned similar results. This suggests that users may overestimate the security of passwords based on the number of entry keystrokes.