From my last post testing an input method I have realised that trying to enter a long password into a device without a real keyboard is always going to be tedious.

Instead I have been thinking about secure ways of using smaller passwords. One technology which already does this is chip and pin. This is secure since you only have a limited number of attempts to correctly guess the pin before the card self destructs.

After doing some research it seems Atmel sell a product that might do the job: http://www.atmel.com/devices/AT88SC0404C.aspx. This chip has a lot of features, but most importantly it has some Password Attempts Counter (PAC) registers which count the number of incorrect password attempts. After 4 incorrect guesses the password is disabled. Because there are multiple registers it is possible to set more than one password, so you could set a backup password if you manage to lock yourself out with the main one. I believe the chip is also available in a SIM card style packaging, so if a card does become fully "bricked" you can just replace it with another.

I think I shall send an email to Atmel sales to see if they will let me have a few samples to play with (and inevitably brick a few). It looks like they sell them in PDIP form too, so perfect for prototyping!