Is it a butterfly?

Microsoft has set up a research website (http://www.inkblotpassword.com) that allows users to generate a password, based on a random series of inkblots that the user links to a keyword. The first and last letters of that word are entered by the user and so starts the base of their password.

The first thing you will notice on this site is that it uses another Microsoft research project asirra (http://research.microsoft.com/asirra/). On choosing your username and playing the “guess the animal right” game, you get to the generate password screen.

The Inkblots are stacked up in 2 rows allowing you to enter 2 different passwords based on the images. You can customise the number of images to show from 5 to 10, effectively limiting the password length between 10 and 20 characters in length.

The about page hints that this system can lead to highly randomised yet memorable passwords increasing security, Yet it's recommended you don't use your account for any important data.

In an effort to maximise the potential of this system it is run on a OpenID server and allows single sign-on usage using Open ID, across any website that supports the
Protocol.

Therefore, a different approach to password generation, can allow the user more chance to create visual relationships in order to remember their password.

It leaves me with two questions.
The first was originally a little fun, hence the blog title but then the second occurred to me.

1) How many passwords will contain the letters “by” (butterfly)? 🙂
2) And could all those butterlfies be a potential security risk?