Show HN: Combo Password: A (hopefully) new type of password
92.60.36.247Interesting. Just typing "password" yields "pa,s,s,w,or,d", so it seems you register groups by keypress delay. It actually opens up multiple possibilities to factor typing style in to the password. The same keys one fingered grandma-style would not necessarily register as the same password when "properly" typed in.
Idea itself is interesting, though password validation brings its own can of worms. Where do you do key groupings - client or server side? How do you capture keypress timing data? What amount of timing variation is allowed? How do you factor in changing typing swiftness? How do you handle keyboard layouts?
Essentially, the idea is different keys pressed at tightly controlled intervals, which sounds awful lot like music tune played on a keyboard (pun intended). Are tunes more or less secure than strictly textual passwords we use now?
Actually I register groups when a key is lifted. You probably typed fast and had P still pressed when A was pressed. I do not yet have a solution to compensate for varying swiftness. These typos could be prevented with a some effort I guess. The groupings need to happen client side, timing data is not involved at all, only keyDown and keyUp events are used.
Keyboard Layouts should be no problem (except I missed something) since I use key codes rather than values.
Maybe the source also helps answering some questions: https://gitlab.com/FalkF/combopassword/blob/master/app/compo...
A Combo Password should offer more security but I still got to wrap my head around the math. I got a formula from someone helpful with a master degree in math in the stackexchange post: https://math.stackexchange.com/questions/3133516/number-of-p...
Hi, I was wondering about use cases for n key rollover (apart from gaming) when I thought of using key combinations as a password. This is a small demo login to demonstrate my idea. There should be more combinations in a combo password than in a normal password of the same length.
So for every character I type a comma gets added. Can you give an example of a normal password and combo password and the math why the combo password has more combinations?
The comma is just there to visually separate the key combinations, I did not implement a better solution for visualizing a combination yet.
A normal alphanumeric (36 characters) password with 5 chars has 36^5 possible combinations: "12345"
A combo password also has this 36^5 combinations since you can enter a normal password (it is just 5 single key combinations): "1,2,3,4,5"
But there are even more combinations since you can press keys simultaneously: "12,3,4,5" or "1,23,45," etc.
The checkSequence flag toggles the password checks strictness. When false you can set the password "12,3,4,5" and entering "21,3,4,5" will still be valid since "21" is the same two keys pressed as "12". When set to true only "12,3,4,5" would be accepted.
I see. I missed how you can press/type two character simultaniously. Not sure if that work with mobile onscree keyboards and password manager softare.
It wont work with password managers or devices without keyboards. Unless a comma (or other char) separated string form is accepted by the implementation. I could also think of solutions for screen keyboards, but my goal is not to replace normal passwords but rather to offer an alternative where high security is needed and compatibility granted.
I did open a post on Stackexchange about this: https://math.stackexchange.com/questions/3133516/number-of-p...