Microsoft's Telepathwords guesses (parts of) passwords that you type - gHacks Tech News


If you have been using the Internet for some time, you know that password security is a serious issue nowadays.

It is not a single issue though, as several come into play here. Many users prefer easy-to-remember passwords, as these make it easier for them to sign in to websites and services.

To make matters worse, it is fairly common that the same password is used across all services and websites, as it is more convenient than having to remember multiple passwords.

Password managers can resolve those issues easily, but they are not as commonly used as they should be.

This means that accounts compromised through guessing, social engineering, man-in-the-middle attacks or spyware are fairly common.

Microsoft's Telepathwords website has been designed to highlight how easy it is to guess part of passwords based on the characters a user enters.

To use the service, simply start entering a password. It does not have to be one that you actively use, and there are certain limitations, but more about that later.

Once you type the first character, the site displays three guesses for what the next character or characters will be.

If you start with A, Microsoft's tool suggests N as in "and", B as in "abc123" and T as in "At" as the most likely next characters.

The tool supports more than that, though. It understands that numbers are sometimes used to replace words or letters, 1 and one for example, or 3 and e, and will include those in its suggestions.

While it is fairly sophisticated in that, it falls short if you use passwords that do not relate to common words or use common letter or word substitution techniques. A password like j09j2fj2hf2jfß2jfß2j_erhf0284hr cannot be guessed by Telepathwords no matter how good the engine is.

There are other situations where the outcome is far from ideal, for instance if you are using words that mean something to you but that are not available to the service: a nickname, the name of your school, or your license plate. As the site points out, that does not mean that those are secure, as they can be guessed by attackers who know you, or gathered through social engineering. The service also works only for English words and not for other languages.
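A simplified sketch of the next-character guessing described above, added here as an illustration; it is not Microsoft's code and does not claim to be the algorithm Telepathwords uses. The word list, the substitution table and all function names are assumptions constructed for the example.

```python
from collections import Counter

# Constructed sample corpus (assumption); a real meter would load a large list
# of common passwords and dictionary words.
CORPUS = ["password", "passport", "princess", "abc123", "and", "At",
          "monkey", "dragon", "letmein", "welcome"]

# Digit/symbol stand-ins mapped back to the letter they replace (assumed set).
SUBSTITUTIONS = str.maketrans({"3": "e", "0": "o", "@": "a", "$": "s"})


def normalize(text):
    """Lower-case and undo common substitutions so 'p@ssw0rd' == 'password'."""
    return text.lower().translate(SUBSTITUTIONS)


WORDS = [normalize(w) for w in CORPUS]


def predict(typed, k=3):
    """Return up to k likely next characters after the text typed so far."""
    norm = normalize(typed)
    # Use the longest suffix of the input that begins a known word; the empty
    # suffix always matches, so the fallback is the most common first letters.
    for start in range(len(norm) + 1):
        suffix = norm[start:]
        counts = Counter(w[len(suffix)] for w in WORDS
                         if w.startswith(suffix) and len(w) > len(suffix))
        if counts:
            return [ch for ch, _ in counts.most_common(k)]
    return []


def guessed_positions(password):
    """For each character, was it among the guesses made from its prefix?"""
    return [normalize(password[i]) in predict(password[:i])
            for i in range(len(password))]


def guessed_fraction(password):
    """Share of characters predicted; higher means easier to guess."""
    hits = guessed_positions(password)
    return sum(hits) / len(hits) if hits else 0.0


if __name__ == "__main__":
    for pw in ["p@ssw0rd", "xq7#zk"]:  # constructed test inputs
        print(pw, guessed_positions(pw), round(guessed_fraction(pw), 2))
```

With this toy corpus, every character of a substituted dictionary word is predicted, while a string unrelated to any listed word is never predicted.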

Closing Words

The main use of the web app is to visualize if the password that you enter can be guessed by attackers based on the first characters that you enter.

Someone could get a glimpse of a password while you enter it in a coffee shop on your laptop, at work, or at any other public location.

Sometimes, these letters may be enough to guess the full password, or make brute forcing attempts a lot easier.

If you are already using a password manager, then the program does not have a lot to offer to you, especially if you are using its password creation module to create secure passwords.


    Comments

    1. Dan said on December 11, 2013 at 5:45 pm

      What’s the point of this if it only “guesses” one character in common passwords like “123456” or “password”. If we are to believe that less correct guesses equals a stronger password, then Microsoft knows nothing about security.

      1. Martin Brinkmann said on December 11, 2013 at 5:48 pm

        Well it has been designed for users who use common passwords, or common words in their passwords, to show them that they can be easily guessed.

    2. B. Moore said on December 11, 2013 at 9:16 pm

      There is NO WAY in hell I am typing ANY PART of my password in to any text box that isn’t the exact place that password is needed.

      I don’t care who runs the site or if they are making guesses from only 1 character, I am not taking any chances.

      1. imu said on December 11, 2013 at 11:01 pm

        holy truth, imagine the base of possible passwords they will learn this way, that would be enough to make nice fat dictionary out of it and then bruteforce the internet with it :)

        1. insanelyapple said on December 12, 2013 at 8:39 am

          And then, they can give that dictionary to NSA still claiming that they want privacy reform.

    3. InterestedBystander said on December 12, 2013 at 5:46 pm

      Well, you don’t have to type in your REAL passwords. If you use keyboard patterns, check a similar pattern to see how it holds up. Or if you insert special characters in words, use a different word and different sequence of characters. Be creative, guys!

    4. rickxs said on December 13, 2013 at 12:09 am

      gee you guys are paranoid about password theft ! —- who said that
