If a passerby hears you say "cypher mode A Y R cypher mode" to unlock your computer, they might not figure out that your password is CAT, but they will figure out that "cypher mode A Y R cypher mode" unlocks the computer.
Obviously you'd pick a better phrase than "cipher mode".
But you make a good point. I think this approach can still work though.
- Rotate the cipher based on the current day/time, or rotate it based on the previous use.
- You could prime the next password each time you successfully log in. So e.g. every time you log in, you offer 3 additional letters in "clear mode", but then have to give them back in cipher mode.
I think I'd go with the last one.
The worst part about all this is that it requires custom programming.
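The "rotate it based on the previous use" idea from the reply above, as an added example that is not part of the thread. The class name, the base shift of -2 (chosen so CAT is spoken as A Y R, as in the first comment) and the step of 5 are assumptions for illustration.

```python
import hmac
import string

ALPHABET = string.ascii_uppercase


def encipher(word, shift):
    """Caesar-shift an uppercase A-Z word by `shift` positions."""
    return "".join(ALPHABET[(ALPHABET.index(c) + shift) % 26] for c in word)


class RotatingVerifier:
    """Checks a spoken, enciphered password; the shift moves after each success."""

    def __init__(self, password, base_shift, step):
        if step % 26 == 0:
            raise ValueError("step must change the shift between uses")
        self.password = password.upper()
        self.base_shift = base_shift
        self.step = step
        self.uses = 0  # number of successful logins so far

    def current_shift(self):
        return (self.base_shift + self.step * self.uses) % 26

    def verify(self, spoken):
        # "A Y R" -> "AYR"; the spoken letters arrive separated by spaces.
        letters = "".join(spoken.upper().split())
        expected = encipher(self.password, self.current_shift())
        ok = hmac.compare_digest(letters.encode(), expected.encode())
        if ok:
            self.uses += 1  # rotate only on success, so the overheard phrase expires
        return ok


if __name__ == "__main__":
    v = RotatingVerifier("CAT", base_shift=-2, step=5)  # constructed sample values
    print(v.verify("A Y R"))  # first login with the phrase from the thread
    print(v.verify("A Y R"))  # the same phrase repeated by a passerby
    print(v.verify("F D W"))  # the owner's next phrase under the rotated shift
```

This only stops a verbatim repeat of the overheard phrase; a fixed step is itself visible to anyone who hears two consecutive logins, which is the gap the "prime the next password" variant tries to close.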