Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo

 

Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

Not sure if “password1234” is the best password to keep intruders out of your e-mail account? A new online tool from Microsoft Research called Telepathwords can help you figure it out by guessing which character comes next as you type your password (although hopefuly you already know that particular phrase is a poor choice). The better Telepathwords is at guessing what you’ll type, the easier it will likely be for someone trying to attack your inbox or online bank account protected by that password.

Released Thursday, Telepathwords incorporates common known passwords and common phrases. According to a Microsoft news release, it was also tested by “several hundred” Microsoft employees in order to provide data on how people come up with passwords and to train Telepathwords to detect shoddy password-choosing habits that hackers would probably be aware of. It’s interesting that, rather than simply giving users a “strength” score, the team behind it wants to show you, step by step, how good or bad your password is. Telepathwords was built by security researcher Stuart Schechter and four others.

The site is simple to use: you type the first letter or number of any password into a box and watch Telepathwords make three guesses as to what the next character will be. I tried this with a few passwords, and found that it had a pretty good idea of what I was going to type. When you’re done typing in your password, you see a series of check- and x-marks above it, scoring which characters that Telepathwords could guess and which it couldn’t. Occasionally, I was admonished with warnings such as: “Replacing a predictable letter with a key that looks similar? Attackers also know to substitute l for i, so it does little to improve your password.”

The site does collect the characters you type, sending them to a Microsoft Research server in order to make guesses about what you’ll type next. It also keeps track of how you move your computer mouse and time of when you add or delete characters from your password. The site indicates this data is encrypted within your Web browser, and it may eventually be used for related research.

1 comment. Share your thoughts »

Tagged: Web, Mobile

Reprints and Permissions | Send feedback to the editor

From the Archives

Close

Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me