1

In TeamViewer, I am using "secure (8 characters)" passwords that are changed daily. I noticed that the password is always 4 numbers and 4 lower case letters, with random positions.

I might be naive, but isn't that less secure, because it reduces the amount of possible alphanumeric combinations? Or is it more secure because there'll never be an 8 digit password that is letter only or number only? My intuition says no, but then why would TeamViewer do this...

3
  • 4
    @MaxVollmer any predictability means it's not true randomness, meaning yes, it is less secure than if we assumed it was a random string of alphanumerics.
    – TheHidden
    Commented Feb 6, 2018 at 9:32
  • 1
    As for "why" one possible reason is that 4 lowercase letters and 4 numbers are easier to remember and to tell someone else than even 8 lowercase letters. It's likely purely a UX thing. Microsoft does the same thing for their automatically generated passwords on Live.com: abcd1234
    – schroeder
    Commented Feb 6, 2018 at 11:01
  • Max, I made a math mistake in my answer. I have now fixed it, and the conclusion is quite different.
    – Anders
    Commented Feb 6, 2018 at 15:45

1 Answer

4

Warning: A previous version of this answer contained a big math error leading to incorrect conclusions. It has now been fixed.

Let's calculate some entropy!

  • A random password consisting of 8 lower case letters or digits:

    log2((26 + 10)^8) = 41.4 bits
    
  • A random password, where exactly 4 characters are lower case letters and exactly 4 are digits:

    log2(26^4 * 10^4 * (8 choose 4)) = 38.2 bits
    
  • A random password, containing exactly 8 lower case letters:

    log2(26^8) = 37.6 bits
    

So, what conclusions can we draw from this?

  • As you can see, we lose some entropy - almost 3 bits. This means the password would be about 7 times faster to crack.
  • To do this to avoid passwords with only lowercase is a bit misguided, since now all passwords are almost as bad as lowercase only passwords.
  • The best guess is probably that this is a UX decision. The mix makes them easier to remember and read aloud. The loss of entropy (less than the equivalent of removing one character) could be deemed "worth it".
1
  • 1
    Heh, "letters AND numbers" sounds a lot more secure than just all lowercase letters.
    – schroeder
    Commented Feb 6, 2018 at 10:22
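
The counting in the answer above can be reproduced and sanity-checked in code. The following Python is an added example, not part of the original answer: it computes the keyspace of each scheme, confirms the "choose positions, then fill them" formula by brute-force enumeration over a small constructed alphabet, and samples the 4+4 scheme uniformly. All function names are illustrative.

```python
import math
import secrets
import string
from itertools import product

LETTERS, DIGITS = string.ascii_lowercase, string.digits

def keyspace_free(length, letters=LETTERS, digits=DIGITS):
    """Every position may be any letter or digit."""
    return (len(letters) + len(digits)) ** length

def keyspace_fixed_mix(length, n_letters, letters=LETTERS, digits=DIGITS):
    """Exactly n_letters letters and the rest digits, in any positions."""
    return (math.comb(length, n_letters)
            * len(letters) ** n_letters
            * len(digits) ** (length - n_letters))

def count_by_enumeration(length, n_letters, letters, digits):
    """Brute-force count on a small alphabet, to check the closed form."""
    return sum(1 for pw in product(letters + digits, repeat=length)
               if sum(c in letters for c in pw) == n_letters)

def generate_fixed_mix(length=8, n_letters=4):
    """Sample the constrained scheme uniformly with the OS CSPRNG."""
    rng = secrets.SystemRandom()
    letter_pos = set(rng.sample(range(length), n_letters))
    return "".join(secrets.choice(LETTERS if i in letter_pos else DIGITS)
                   for i in range(length))

def compare(length=8, n_letters=4):
    """Entropy in bits for each scheme, plus the cost of the constraint."""
    free = keyspace_free(length)
    mixed = keyspace_fixed_mix(length, n_letters)
    lower = keyspace_fixed_mix(length, length)
    return {
        "free_bits": math.log2(free),
        "mixed_bits": math.log2(mixed),
        "lower_bits": math.log2(lower),
        "bits_lost": math.log2(free) - math.log2(mixed),
        "share_of_free_space": mixed / free,
    }

if __name__ == "__main__":
    # Constructed reduced alphabet: 3 letters, 2 digits, length 4.
    assert count_by_enumeration(4, 2, "abc", "01") == keyspace_fixed_mix(4, 2, "abc", "01")
    for name, value in compare().items():
        print(f"{name}: {value:.3f}")
    print("sample:", generate_fixed_mix())
```

Summing `keyspace_fixed_mix(8, k)` over every possible letter count `k` gives back the unconstrained keyspace, which shows the 4+4 rule simply keeps one slice of the full space.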
