TechSpot

Microsoft Research's new tool guesses your password

By Scorpus
Dec 6, 2013
Post New Reply
  1. Microsoft Research has developed a new tool designed to help prevent people creating weak passwords for themselves. Known as 'Telepathwords', the system takes each character that you type for your desired password and attempts to guess the next one, giving...

    Read more
     
  2. davislane1

    davislane1 TS Evangelist Posts: 1,439   +559

    Looks like my password system performs as expected... Tomorrow's headline: MS Research Database Hacked, Millions of Passwords Accidentally Logged on Telepathwords Compromised
     
  3. After playing around with this for a few minutes it doesn't look all that impressive. All it appears to do is predict (3 possible) next characters you will type. It is case insensitive and gives no indication if what you enter is a strong password or not. Might as well type your password into Google and see what hits it gets.
     
  4. Terrax

    Terrax TS Rookie

    Only predicted one correct out of 13 characters. Woohoo!
     
  5. BMfan

    BMfan TS Guru Posts: 481   +49

    My one password from a few years ago it couldn't predict but unfortunately sites don't accept
    6 character passwords anymore.
     
  6. NTAPRO

    NTAPRO TS Enthusiast Posts: 811   +91

    My password used to be *** for yahoo and youtube for a good number of years lol. would've changed back if I could, but I guess it wasn't really worth it
     
  7. Cycloid Torus

    Cycloid Torus TS Booster Posts: 183   +39

    Unclear if significant. Quality of predictions may improve with time and more data. If more than half of characters are 'unpredicitable' then I bet you're safe. Of course, passwords like 'password' are not.
     
  8. Hahaha so true!

    I've had the same password for at least 15 years on one of my email accounts and never had one problem with any hacking or anything. I attribute it to not being an ***** and not clicking on bs links or logging onto mail in unsecure places. Its really that simple.
     
  9. treva1990

    treva1990 TS Rookie

    0 Out of 13 :p
     
  10. ikesmasher

    ikesmasher TS Evangelist Posts: 1,948   +381

    Website does not supply security info. I don't think ill be entering my password in, just in case.
     
  11. Adhmuz

    Adhmuz TechSpot Paladin Posts: 930   +106

    Tried one of my more complicated ones, it tries to put in suggestions and stuff, but none of which were accurate, however it still gives you poop when trying to use most numbers because hackers know to replace a 2 with an r? What? Or the predictions don't make any sense at all, almost like it's blindly trying to guess at all cost. Nor does it recognize simple keyboard patterns, yet still tells you that using a 5 in absolutely no context is too much like an s. Probably stealing passwords to resell to the highest bidder, so be weary of what you enter in.
     
     
  12. p51d007

    p51d007 TS Booster Posts: 333   +51

    13 character password, guessed 1 correctly
     
  13. cliffordcooley

    cliffordcooley TechSpot Paladin Posts: 6,119   +1,523

    Would the attacker be notified which characters are correct and which are not? I fail to see how this makes any sense. If the attacker doesn't know which characters are correct, they couldn't guess the incorrect characters.

    It is my understanding that the password is either 100% correct, or it is rejected as being 100% wrong. I don't understand where the shade of gray is at, allowing for such a concept as Telepathwords predicting incorrect characters.
     
  14. captaincranky

    captaincranky TechSpot Addict Posts: 10,821   +922

    What I'm not getting here, is how many guesses the program gets! :confused: Does the program have to get it right on its first try? If not, then all this is really, is a brute force password cracker in reverse.

    In the real world, you usually only get 3 tries to get the entire sequence correct, and then you get sent to the corner for a "time out".

    In another article here, the theory was if a computer was guessing, all you had to do, was use plain English, @ 14 characters or more.

    With how M$ has ostensibly let M$ Essentials slip in quality, this is perhaps a diversionary publicity stunt, to make you think they're doing something towards protecting you.

    If I had my druthers, I'd.ruther have them bring the AV program back up to snuff.

    This might be what we get, now that IBM is allowing time sharing with its "Watson" supercomputer.

    (OK, that was just a guess, but isn't guessing the spirit of this whole affair)?
     
  15. frog98146

    frog98146 TS Rookie Posts: 20

    It got 6 of 12, 4 of 13, and 2 of 12. I just changed some of my passwords. Good to know hacker will guess only 2 of 12, right off the bat.
     
  16. frog98146

    frog98146 TS Rookie Posts: 20

    Well it's like a combo lock 4+10 You start with 0000, 0001, 0003. My old combo was 9229 I figured they give up by then.

    Letters = 26, numbers = 10 Password 6-13. Now you can add caricature !@#$%&?+.

    Some passwords now requiring at lease 1 Upper Case, 1 Lower Case, 1 Number, 1 Special Caricature, and 13 Caricatures long.

    And if you can't find your password! They want your right arm and your first born to get it.

    And now they ask questions. I answered my High School but I spelled it backwards. Tsew Not West. That is one of my High Schools but that was not the school I used.

    And where do you keep the file so you don't forget. And now of all the hoops some sites won't let you use the last 6 passwords you used when you reset your passwords.
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.