Rachel Metz

A View from Rachel Metz

A New Tool Plays Mind Reader With Your Passwords

Microsoft Research’s Telepathwords demonstrates how strong (or weak) your passwords are by guessing them as you type.

  • December 5, 2013

Not sure if “password1234” is the best password to keep intruders out of your e-mail account? A new online tool from Microsoft Research called Telepathwords can help you figure it out by guessing which character comes next as you type your password (although hopefuly you already know that particular phrase is a poor choice). The better Telepathwords is at guessing what you’ll type, the easier it will likely be for someone trying to attack your inbox or online bank account protected by that password.

Released Thursday, Telepathwords incorporates common known passwords and common phrases. According to a Microsoft news release, it was also tested by “several hundred” Microsoft employees in order to provide data on how people come up with passwords and to train Telepathwords to detect shoddy password-choosing habits that hackers would probably be aware of. It’s interesting that, rather than simply giving users a “strength” score, the team behind it wants to show you, step by step, how good or bad your password is. Telepathwords was built by security researcher Stuart Schechter and four others.

The site is simple to use: you type the first letter or number of any password into a box and watch Telepathwords make three guesses as to what the next character will be. I tried this with a few passwords, and found that it had a pretty good idea of what I was going to type. When you’re done typing in your password, you see a series of check- and x-marks above it, scoring which characters that Telepathwords could guess and which it couldn’t. Occasionally, I was admonished with warnings such as: “Replacing a predictable letter with a key that looks similar? Attackers also know to substitute l for i, so it does little to improve your password.”

The site does collect the characters you type, sending them to a Microsoft Research server in order to make guesses about what you’ll type next. It also keeps track of how you move your computer mouse and time of when you add or delete characters from your password. The site indicates this data is encrypted within your Web browser, and it may eventually be used for related research.

Tech Obsessive?
Become an Insider to get the story behind the story — and before anyone else.

Subscribe today

Uh oh–you've read all of your free articles for this month.

Insider Premium

$179.95/yr US PRICE

More from Connectivity

What it means to be constantly connected with each other and vast sources of information.

Want more award-winning journalism? Subscribe to Insider Plus.

  • Insider Plus {! insider.prices.plus !}*

    {! insider.display.menuOptionsLabel !}

    Everything included in Insider Basic, plus ad-free web experience, select discounts to partner offerings and MIT Technology Review events

    See details+

    What's Included

    Bimonthly home delivery and unlimited 24/7 access to MIT Technology Review’s website.

    The Download. Our daily newsletter of what's important in technology and innovation.

    Access to the Magazine archive. Over 24,000 articles going back to 1899 at your fingertips.

    Special Discounts to select partner offerings

    Discount to MIT Technology Review events

    Ad-free web experience

/
You've read all of your free articles this month. This is your last free article this month. You've read of free articles this month. or  for unlimited online access.