Could Microsoft guess your password?
A fun way of highlighting the risks of using weak passwords, Telepathwords has the power to guess your password before you've finished typing it.
Updated: Dec 11, 2013 11:42 IST
And if the web tool can predict it based on nothing more than the last character entered, then chances are, so can a hacker.
Telepathwords is part of a much larger program that Microsoft's research arm is working on in partnership with Carnegie Mellon University, designed to educate web users and deter them from cutting corners when creating online passwords. It doesn't matter how good a company's firewall is or how robust its security measures are if its customers insist on using '123456' or 'password' as their site passwords.
So, to see how good you are at avoiding potential password hacks, log on to the web tool and enter the first character of your password. With nothing more than a single character, symbol or number to go on, Telepathwords will attempt to predict the next character. It does this by searching databases of known passwords (exposed by security breaches) and common words and phrases.
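The next-character prediction described above can be sketched as follows. This is an added illustration, not Telepathwords' own code; the tiny constructed corpus, the function names and the back-off from longer to shorter contexts are assumptions.

```python
from collections import Counter, defaultdict

START = "\x02"  # marks the beginning of a password
# Constructed sample list standing in for breached-password and common-phrase data.
CORPUS = ["123456", "password", "password1", "qwerty", "iloveyou",
          "letmein", "abc123", "monkey", "dragon", "123456789"]

def build_model(corpus, max_context=4):
    """Count which character follows each context of 1..max_context characters."""
    model = defaultdict(Counter)
    for word in corpus:
        w = START + word
        for i in range(1, len(w)):
            for n in range(1, min(max_context, i) + 1):
                model[w[i - n:i]][w[i]] += 1
    return model

def predict(model, typed, k=3, max_context=4):
    """Return up to k guesses for the next character, longest context first."""
    w = START + typed
    guesses = []
    for n in range(min(max_context, len(w)), 0, -1):
        for ch, _count in model.get(w[-n:], Counter()).most_common():
            if ch not in guesses:
                guesses.append(ch)
            if len(guesses) == k:
                return guesses
    return guesses

def unpredicted_chars(model, password, k=3):
    """Number of characters the model failed to guess; 0 means fully predictable."""
    return sum(ch not in predict(model, password[:i], k)
               for i, ch in enumerate(password))

if __name__ == "__main__":
    model = build_model(CORPUS)
    for candidate in ["password", "zx9!"]:
        print(candidate, unpredicted_chars(model, candidate))
```

A password that scores 0 was guessed at every keystroke, which is the signal to replace it.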
And to make sure that each user's visit to the web tool is safe, Telepathwords uses encryption.
So, what do you do if the system guesses your password? The short answer is to change it to something much stronger. Sophos Labs has a great video for explaining how to create very strong passwords, which should take care of that particular problem.
However, the bigger issue is that the vast majority of web users recycle their passwords across multiple sites -- understandable considering that the average consumer has between 11 and 26 internet accounts.
To combat this issue, consider using two-factor authentication -- an option offered by Microsoft, Apple, Facebook, Google and Twitter, among others -- or invest in a password creation and management tool, such as LastPass or 1Password, which are as easy as ABC to use but much more secure than using ABC as a password.