Microsoft helps prevent weak passwords by reading your mind using Telepathwords
Microsoft wants to help you prevent weak passwords by showing you how your weak password can easily be predicted. Straight out of Microsoft’s Research labs comes Telepathwords – a tool that is designed to predict the next character of your passwords.
“To guess the next character you’ll type, we send the characters you have already typed to query our prediction engine. The prediction engine uses a database of common passwords and phrases that is too large for us send to your computer,” Microsoft explains.
Telepathwords will dip into a database that contains common passwords which have been made public via security breaches, those that appear frequently on web pages or in common search queries, and use of sequences of adjacent keys. The tool will then predict what the next character of your password will be. If the tool detects the right letter(s), then your password is weak.
The tool also measures your mouse movements and timings of character additions or removals and writes these results in an encrypted log.
“To measure how much of an effect Telepathwords has on your behavior, we also send and maintain a log of your mouse movements and the timings of when characters are added to or removed from your password. This log does not contain the actual characters you type, but it does indicate whether each character was among those predicted by Telepathwords. We use this log for research intended to increase our understanding of how users choose passwords and how to help them choose better passwords in the future,” Microsoft adds.
While Microsoft does keep a log of all entries into the tool, the company promises that that your information is secure. “To protect the contents of the log, we encrypt log entries on your browser, before they are sent to our server. We do not keep the keys required to decrypt the log on any publicly-facing server. (Our servers create a random, unique key for each log, transfer that key to your client, and encrypt the key with a public key that is not stored on any publicly-facing server.),” Microsoft explains.
If you are brave enough, head over to the VIA link below to check out the tool.
Thanks to all who sent this in!Further reading: Microsoft