Drinks and online banking don't mix

After imbibing large quantities of certain beverages, we Ars writers sometimes get carried away with telling each other true-life stories that probably shouldn't go anywhere but sometimes do. Last week, Ars Project Manager Clint Ecker mentioned that he wanted a flexible password generator on the iPhone for whenever he wants to create a completely forgettable pass-phrase.

Those forgettable items are perfect for online banking. Or so says Clint, arguing a position that's not necessarily supported universally by online security experts. Clint resets his bank password to something unbreakable (and unmemorable) each time he accesses his online accounts, and in doing so he protects himself even from himself. His method works by using his browser to issue a password reset request before each login; he then generates a random password with some software, and uses the reset code that the bank sends to his phone or inbox to assign this new password to his account. This process, though a bit involved to carry out for each banking session, displaces his identity assurance from his login information to his mobile or email account.

At first, I set out to help Clint by digging up a suitable app on iTunes. But when that didn't work, I made one myself based on what I'd learned in my brief tour of App Store password generators. Here's how I did it.

Evaluating the options

Looking through iTunes for a suitable password generation app turned up a few candidates, including Utils (iTunes) and Password (iTunes), but neither of these really offered the simple, intuitive interface we were looking for. There had to be a better way to generate passwords using the following three basic criteria:

Upper case and lower case mixing

Alphanumeric mixing

Setting a password length, ranging between 4 and 12 characters

The two existing approaches on the App Store didn't really meet these criteria. Keishi Hattori's Password generates one long Rijndael cipher result, which would be hard to type from the iPhone screen onto a banking site once, let alone twice, as is normally required. Redwheel Apps' Utils offered the basic controls requested, but with a few usability issues that complicated Clint's goal.

Using the toggle switches shown here, it's entirely possible to create passwords without lower case letters, upper case letters, numbers or punctuation. Switching each option to OFF leaves you with a whole lot of nothing, an unacceptable scenario.

What's more, the switches in each pair (Upper and Lower Case, Numbers and Punctuation) are not conceptually independent. There are at least three options being represented by these two switches. Users should be allowed to pick from all lower case, all upper case, and mixed case passwords. So these switches don't represent those choices well, and they also offer the unacceptable "no lower case" and "no upper case" option.

The Password Length text entry field here uses freeform user input to determine the password length. Keeping the user from entering invalid numbers demands some sort of pop-up/alert feedback, increasing the complexity of user interactions. Even if the number is valid, the user must still tap the field, wait for the keyboard to appear, enter a number, dismiss the keyboard and then tap the Generate Password button.

Given these challenges, there had to be a better way to allow users to interact with the interface while retaining the same degree of freedom.

My choice: the segmented control

To meet the toggle switch challenge, I decided to use a different UIKit class. A three-way choice is better presented using a segmented control. The UISegmentedControl class presents a radio button-style interface, where users can pick one option out of a group. Rather than present independent upper and lower case switches, a single segmented control offers all three choices without the unacceptable "neither" option. A similar control for alpha, alphanumeric, and alphanumeric with punctuation removes the need for the second set of switches.

The next challenge was to eliminate the free-form text entry field. After considering a number of options for selecting the password length through modal dialogs and pop-ups, I decided to go with yet another segmented control instead. Although the number of options is high (there are nine valid choices), the iPhone's width accommodates segments that remain easy to touch by individual fingers. This was not an ideal solution, given the complexity of the control, but it proved workable in testing.

Deciding to meet all of these interface challenges with segmented controls allowed me to move on to designing the application itself.
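The three segmented controls map onto a generator whose inputs cannot express an empty character set or an out-of-range length. The sketch below is an added example, not the code of the app this article describes; the names Case, Charset, generate and max_entropy_bits are assumptions, and characters are drawn from the operating system's CSPRNG through Python's secrets module.

```python
import math
import secrets
import string
from enum import Enum

class Case(Enum):            # first segmented control: exactly one of three
    LOWER = "lower"
    UPPER = "upper"
    MIXED = "mixed"

class Charset(Enum):         # second segmented control
    ALPHA = "alpha"
    ALNUM = "alnum"
    ALNUM_PUNCT = "alnum_punct"

MIN_LEN, MAX_LEN = 4, 12     # third control: nine valid lengths

def required_classes(case, charset):
    """Character classes implied by the two selections; never empty."""
    classes = []
    if case in (Case.LOWER, Case.MIXED):
        classes.append(string.ascii_lowercase)
    if case in (Case.UPPER, Case.MIXED):
        classes.append(string.ascii_uppercase)
    if charset in (Charset.ALNUM, Charset.ALNUM_PUNCT):
        classes.append(string.digits)
    if charset is Charset.ALNUM_PUNCT:
        classes.append(string.punctuation)
    return classes

def generate(case, charset, length):
    """Return a random password containing every selected class at least once."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError("length must be between 4 and 12")
    classes = required_classes(case, charset)
    alphabet = "".join(classes)
    while True:
        # Rejection sampling: redraw the whole candidate rather than patching
        # characters in, so the result stays uniform over valid passwords.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate

def max_entropy_bits(case, charset, length):
    """Upper bound in bits: length * log2(alphabet size), before the class check."""
    alphabet_size = sum(len(cls) for cls in required_classes(case, charset))
    return length * math.log2(alphabet_size)
```

The bound makes the cost of the short settings visible: four lower-case letters give at most about 18.8 bits, while twelve characters from the full set give at most about 78.7.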