Idea itself is interesting, though password validation brings its own can of worms. Where do you do key groupings - client or server side? How do you capture keypress timing data? What amount of timing variation is allowed? How do you factor in changing typing swiftness? How do you handle keyboard layouts?
Essentially, the idea is different keys pressed at tightly controlled intervals, which sounds awful lot like music tune played on a keyboard (pun intended). Are tunes more or less secure than strictly textual passwords we use now?
Keyboard Layouts should be no problem (except I missed something) since I use key codes rather than values.
Maybe the source also helps answering some questions: https://gitlab.com/FalkF/combopassword/blob/master/app/compo...
A Combo Password should offer more security but I still got to wrap my head around the math. I got a formula from someone helpful with a master degree in math in the stackexchange post: https://math.stackexchange.com/questions/3133516/number-of-p...
A normal alphanumeric (36 characters) password with 5 chars has 36^5 possible combinations: "12345"
A combo password also has this 36^5 combinations since you can enter a normal password (it is just 5 single key combinations): "1,2,3,4,5"
But there are even more combinations since you can press keys simultaneously: "12,3,4,5" or "1,23,45," etc.
The checkSequence flag toggles the password checks strictness. When false you can set the password "12,3,4,5" and entering "21,3,4,5" will still be valid since "21" is the same two keys pressed as "12". When set to true only "12,3,4,5" would be accepted.
