Sounds more like a typing problem than a password problem?
I'll argue it isn't. I'm a trained touch-typist - I was taught to touch-type on manual typewriters in the early '80s, and between programming and my academic work I've touch-typed the equivalent of thousands of pages of text. I still mistype my passphrases (which are now generally around 40 characters) on a regular basis.
Passphrases often aren't especially amenable to touch-typing. The typical passphrase system has zero tolerance for error and doesn't provide useful feedback. With Windows, for example, the standard password dialogs show bullet symbols for each character and are only 26 characters wide; after that, you don't even get feedback to show that you've successfully entered a character, because the identical bullet symbols just scroll horizontally.
And passphrases generally aren't typical natural-language phrases, because those would be weak against dictionary attacks. And since many passphrase systems are actually just password systems that allow long "passwords", they are often configured to require a large alphabet, so your passphrase has to include numerals and punctuation. Those elements make it easier to mistype the passphrase.
Back in the days of non-correcting typewriters, it's true that touch-typists typically had a much lower error rate than they do today, when correcting typographical errors is trivial. But a vanishingly small number of people use such typewriters now, so very few users have the training to eliminate typographical errors. And expecting users to do so once again puts the security burden on the wrong part of the system.
Biting the hand that feeds IT
