Telepathwords - determining the level of password security online
The research division of Microsoft Reasearch showed its Telepathwords project, which is designed to test the level of predictability of a user password.
The service works quite simply - in the special input field you are asked to enter your password, which, as you enter, is analyzed by a special engine on the server side and each character of the password is indicated in a special way depending on whether the service was able to predict it.
Like that:
')
Or a slightly more complicated option:
Technically, the service works as expected: having a base of passwords available online or from any leaks, some common phrases from search queries, as well as popular keyboard shortcuts ("qwerty", etc.), the password entered by the user is compared with the expected options ( include their visibility) and is rated by the level of “predictability”.
The creators of Telepathwords honestly say that the entered passwords are sent to them to the server, and mouse movements and time intervals are collected between which the user thinks about entering or deleting some character in the input field, but all information is sent encrypted for security and stored on a closed server. .
[ Telepathwords ]
The service works quite simply - in the special input field you are asked to enter your password, which, as you enter, is analyzed by a special engine on the server side and each character of the password is indicated in a special way depending on whether the service was able to predict it.
Like that:
')
Or a slightly more complicated option:
Technically, the service works as expected: having a base of passwords available online or from any leaks, some common phrases from search queries, as well as popular keyboard shortcuts ("qwerty", etc.), the password entered by the user is compared with the expected options ( include their visibility) and is rated by the level of “predictability”.
The creators of Telepathwords honestly say that the entered passwords are sent to them to the server, and mouse movements and time intervals are collected between which the user thinks about entering or deleting some character in the input field, but all information is sent encrypted for security and stored on a closed server. .
[ Telepathwords ]
Source: https://habr.com/ru/post/205004/
All Articles