Are You Sure No One Can Guess Your Password?

Thanks to James for bringing this to my attention. If it wasn’t made by Microsoft Research, I might be afraid this site is a password stealer. It is actually a tool that tests how guessable your password is.

Think no one can guess your password?  Go ahead and type it into Telepathwords.  It’s a collaboration between Microsoft Research and a PhD researcher from Carnegie Mellon University, researching the effect of password-composition requirements on password strength.

As you type, the algorithm predicts the character you’re most likely to type next, based on the ones you’ve already typed.  The point?  If this tool can guess your password – so can the bad guys!

The tool gives tips as well.  Replacing an I with a 1?  That’s not security.

But even if you satisfy the Telepathwords Test (5 unpredicted characters in your password), that doesn’t mean you’re safe.

Even if Telepathwords is unable to predict many characters of your password, it may be predictable to an attacker who knows more about how you choose passwords than Telepathwords can. Among the limitations of Telepathwords is that it may be unable to detect weak passwords that:

  • are based on information about you that we don’t have but attackers might (such as your username, anniversary, favorite food, or pet’s name)
  • contain common words or phrases from languages other than English
  • contain terms that became popular since we collected our database of common phrases and passwords
  • contain common behaviors that we have not anticipated and learned to recognize
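
A simplified sketch of the next-character prediction described above, added here as an illustration and not Telepathwords' own code or data. The corpus, the substitution map, the three guesses per position and the reading of the test as "at least 5 unpredicted characters" are all assumptions; the last sample shows the limitation listed above, where a pet's name plus a year scores well only because the constructed corpus has never seen it.

```python
from collections import Counter, defaultdict

# Constructed sample corpus (assumption): stands in for a database of common
# passwords and phrases. It is not Telepathwords' data.
CORPUS = ["password", "password1", "passw0rd", "letmein", "letmein1",
          "iloveyou", "iloveyou1", "qwerty", "monkey", "dragon",
          "sunshine", "princess"]

# Look-alike substitutions undone before predicting (assumed mapping).
LEET = str.maketrans("1034@$5", "ioeaass")

def build_model(corpus):
    """Map every prefix of every corpus entry to a Counter of next characters."""
    model = defaultdict(Counter)
    for entry in corpus:
        word = entry.lower().translate(LEET)
        for i, ch in enumerate(word):
            model[word[:i]][ch] += 1
    return model

MODEL = build_model(CORPUS)

def predict(typed, k=3):
    """Return up to k guesses for the next character, given what was typed."""
    norm = typed.lower().translate(LEET)
    # Try the longest suffix first so a known word is recognised mid-password;
    # the empty suffix falls back to the most common first characters.
    for start in range(len(norm) + 1):
        followers = MODEL.get(norm[start:])
        if followers:
            return [ch for ch, _ in followers.most_common(k)]
    return []

def unpredicted_count(password):
    """Count characters that were not among the guesses at their position."""
    misses = 0
    for i, ch in enumerate(password):
        if ch.lower().translate(LEET) not in predict(password[:i]):
            misses += 1
    return misses

def passes_test(password, threshold=5):
    """Assumed reading of the test: at least `threshold` unpredicted characters."""
    return unpredicted_count(password) >= threshold

if __name__ == "__main__":
    for pw in ["P@ssw0rd", "1l0vey0u", "monkeyXr9", "rover2013"]:
        print(pw, unpredicted_count(pw), passes_test(pw))
```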

Stay safe, people!

 

 
