Microsoft’s Telepathwords Guesses Passwords as You Type

I can’t decide: Is this a helpful tool for helping users to build better passwords, or could it also be misused by hackers as a tool to help guess passwords?

If you have been using the Internet for some time, you know that password security is a serious issue nowadays.

It is not a single issue though, as several factors come into play here. Many users prefer easy-to-remember passwords, as it makes it easier for them to sign in to websites and services. To make matters worse, it is fairly common that the same password is used across all services and websites, as it is more convenient than having to remember multiple passwords.


Password managers can resolve those issues easily, but they are not as commonly used as they should be.

This means that accounts hacked through guessing, social engineering, man-in-the-middle attacks or spyware are fairly common.

Microsoft’s Telepathwords website has been designed to highlight how easy it is to guess part of passwords based on the characters a user enters.

To use the service, simply start entering a password. It does not have to be one that you actively use, and there are certain limitations, but more about that later.

Once you type the first character, three guesses are displayed for what the next character or characters will be.

If you start with A, Microsoft’s tool suggests the characters N as in "and", B as in "abc123" and T as in "At" as the most likely choices.

The tool supports more than that though. It understands that numbers are sometimes used to replace words or letters, 1 and one for example, or 3 and e, and will include those in its suggestions.

While it is fairly sophisticated in that, it falls short if you use passwords that do not relate to common words or use common letter or word substitution techniques. A password like j09j2fj2hf2jfß2jfß2j_erhf0284hr cannot be guessed by Telepathwords no matter how good the engine is.

There are other situations where the outcome is far from ideal, for instance if you are using words that mean something to you but that are not available to the service: a nickname, the name of your school, or your license plate. That does not mean that those are secure, as the site points out, as they can be guessed by attackers that know you, or gathered through social engineering. The service also works only for English words and not other languages.
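The next-character guessing described above can be sketched in a few lines. This is an added illustration, not Microsoft's code or algorithm: the wordlist, the substitution table, the vote weights and all function names are assumptions, and only single-character substitutions are handled.

```python
from collections import Counter

# Constructed sample data; not Telepathwords' dictionary or model.
COMMON = ["and", "abc123", "at", "password", "letmein", "monkey", "dragon", "qwerty"]
SUBS = {"1": "i", "3": "e", "0": "o", "@": "a", "$": "s"}  # assumed substitution table


def normalize(text):
    """Lower-case and undo single-character substitutions (3 -> e, 0 -> o, ...)."""
    return "".join(SUBS.get(c, c) for c in text.lower())


WORDS = [normalize(w) for w in COMMON]


def guesses(prefix, k=3):
    """Return the k most likely next characters after `prefix`."""
    typed = normalize(prefix)
    votes = Counter()
    for word in WORDS:
        # Longest tail of the typed text that is also the start of this word;
        # n == 0 always matches and means "a new word starts here".
        for n in range(min(len(typed), len(word) - 1), -1, -1):
            if typed.endswith(word[:n]):
                votes[word[n]] += (n + 1) ** 2  # longer context counts more
                break
    return [ch for ch, _ in votes.most_common(k)]


def predictable(password):
    """One flag per character: was it among the guesses made before it was typed?"""
    return [normalize(ch) in guesses(password[:i]) for i, ch in enumerate(password)]


def score(password):
    """Fraction of characters the predictor got right (lower is better)."""
    flags = predictable(password)
    return sum(flags) / len(flags) if flags else 0.0


if __name__ == "__main__":
    # Constructed test inputs: a substituted dictionary word and the random
    # string quoted in the article.
    for pw in ["P@ssw0rd", "j09j2fj2hf2jfß2jfß2j_erhf0284hr"]:
        print(f"{pw!r}: {score(pw):.0%} of characters guessed")
```

A dictionary word with common substitutions is guessed character by character, while the random string from the article is not guessed at all.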

Closing Words

The main use of the web app is to visualize whether the password that you enter can be guessed by attackers based on the first characters that you enter.

Someone could get a glimpse of a password while you enter it in a coffee shop on your laptop, at work, or at any other public location.

Sometimes, these letters may be enough to guess the full password, or make brute forcing attempts a lot easier.

If you are already using a password manager, then the program does not have a lot to offer to you, especially if you are using its password creation module to create secure passwords.
