Microsoft 'Telepathwords' Site Helps Users Craft Stronger Passwords
Microsoft researchers build a tool, called Telepathwords, to help users avoid common mistakes in creating their passwords.A group of researchers at Microsoft have created a tool that guesses passwords in real time as a way of helping users select better sequences of numbers, letters and special characters to protect their data. The system, called Telepathwords, models the way that attackers attempt to guess passwords based on common patterns used in passwords. The system behaves like word processors and search engines that implement auto complete, except that the user aims to fool the system from being able to complete the password. Users will quickly find that replacing an "a" with an "@" symbol or an "e" with a "3" does not result in a password that is appreciably stronger, Stuart Schechter, researcher at Microsoft Research, said in an email interview. "Telepathwords is designed to help users create passwords strong enough to prevent online guessing attacks, in which an [attacker] might get up to a million guesses," he said.
Microsoft's Schechter envisions people using the Telepathwords site to try out current or future passwords. The system does not retain or communicate passwords and uses obfuscation techniques to prevent helping out any would-be attacker."While no security system is perfect, we've taken extensive precautions to protect the data sent between your browser and the servers Telepathwords uses to provide predictions," he said. "We not only encrypt the data, but we work to hide the size of the data going back and forth to prevent attacks that might attempt to infer the contents of communications from the data sizes." In addition to avoiding weak passwords, users should not reuse passwords, as a breach of one service could lead to attackers using the same passwords on other services.