by yoshamano 4179 days ago
If you bump into enough of these devices you'll learn that most use a limited keyspace for their encryption key. Case in point, the Motorola NVG510 used by AT&T Uverse HSI ADSL2+ (not to be confused with AT&T Uverse VDSL). They are all programmed with an SSID of ATT### and use a ten-digit numerical PSK. As far as brute forcing them, it took my GeForce 550 three days to find the key of my test unit, and if I remember correctly five days to scan the entire keyspace. A newer and faster video card could have done it in hours.

If manufacturers stopped using fixed-length keys for a particular product line and made use of the entire alphabet, it would make this kind of exercise infeasible.

1 comments

Using good passwords (i.e. alphanum, case sensitive, perhaps with some special characters) in end-user deployment is a support nightmare. Imagine you are trying to tell such a password to a user over the phone on a support call. The 10-digit number sequence is unsafe but is easy to handle - people are used to phone numbers and account numbers.
A 10-digit number sequence has 33.2 bits of entropy. 3 diceware words have 38.7 bits of entropy. I don't think 10 numerical digits is easier to relay than 3 words. Although either would be far short of the ~90 considered fully secure, I think it's safe to say there are plenty of designs that would have been both safer and easier to use.
The words themselves are prone to end-user screw-ups though. Think of how many people don't know how to spell correctly... :P
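
An added example, not part of the thread or any commenter's code: a small Python calculator for comparing default-key designs like the ones discussed above. It uses the guess rate implied by the five-day full scan of the ten-digit keyspace and the ~90-bit figure from the reply; the design labels, the 62-symbol alphanumeric case and the 7776-word Diceware list size are assumptions chosen for illustration.

```python
import math

SECONDS_PER_DAY = 86400

# Rate implied by the parent post: the whole ten-digit keyspace
# (10**10 keys) was scanned in about five days on a GeForce 550.
POST_RATE = 10**10 / (5 * SECONDS_PER_DAY)  # guesses per second

# Candidate default-key designs: (alphabet size, symbols per key).
# These labels and the 62-symbol case are illustrative assumptions.
DESIGNS = {
    "10 digits": (10, 10),
    "3 Diceware words": (6**5, 3),  # 7776-word list
    "10 mixed-case alphanumerics": (62, 10),
}


def entropy_bits(alphabet, length):
    """Entropy in bits of a key drawn uniformly at random."""
    return length * math.log2(alphabet)


def days_to_exhaust(alphabet, length, rate=POST_RATE):
    """Days needed to try every possible key at `rate` guesses/second."""
    return alphabet**length / rate / SECONDS_PER_DAY


def min_length(alphabet, target_bits):
    """Smallest key length whose keyspace reaches 2**target_bits.

    Uses integer arithmetic so the boundary is exact.
    """
    length = 1
    while alphabet**length < 2**target_bits:
        length += 1
    return length


if __name__ == "__main__":
    for name, (alphabet, length) in DESIGNS.items():
        print(f"{name:30s} {entropy_bits(alphabet, length):6.2f} bits  "
              f"{days_to_exhaust(alphabet, length):.3g} days to exhaust  "
              f"{min_length(alphabet, 90)} symbols for 90 bits")
```
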