« previous next »
Pages: [1]   Go Down

Author Topic: Can you trust this tool with your passwords?  (Read 1799 times)

0 Members and 1 Guest are viewing this topic.

Online polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34059
  • malware fighter
Can you trust this tool with your passwords?
« on: December 10, 2013, 02:10:36 AM »
See: https://telepathwords.research.microsoft.com/

Well my question is simple, would you use it?
Well with NoScript and RequestPolicy enabled, you have nothing to fear!

polonus
« Last Edit: December 10, 2013, 02:12:29 AM by polonus »
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89676
  • No support PMs thanks
Re: Can you trust this tool with your passwords?
« Reply #1 on: December 10, 2013, 02:17:39 AM »
I'm always wary/suspicious of site that check passwords (regardless if it is Microsoft), if you ever did use it to check you should never use that password as effectively it could be captured. By all means check that the style of password format a mixture of upper/lower case, numbers, some other characters #_~ (if they are accepted) and at least 10 or larger.

But these checkers are essentially redundant if you use a password manager that creates random passwords.
Logged
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD - 27" external monitor 1440p 2560x1440 resolution - avast! free  24.9.6130 (build 24.9.9452.762) UI 1.0.818/ Firefox, uBlock Origin Lite, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline snowflake1

  • Jr. Member
  • **
  • Posts: 34
Re: Can you trust this tool with your passwords?
« Reply #2 on: December 10, 2013, 09:43:18 AM »
A part of what is said on the   item

Quote
To guess the next character you'll type, we send the characters you have already typed to query our prediction engine. The prediction engine uses a database of common passwords and phrases that is too large for us send to your computer.
To measure how much of an effect Telepathwords has on your behavior, we also send and maintain a log of your mouse movements and the timings of when characters are added to or removed from your password. This log does not contain the actual characters you type, but it does indicate whether each character was among those predicted by Telepathwords. We use this log for research intended to increase our understanding of how users choose passwords and how to help them choose better passwords in the future. This research may include collaborators outside Microsoft (such as the collaborators at Carnegie Mellon University who helped build Telepathwords) and we may share these logs with them for this purpose.
To protect the contents of the log, we encrypt log entries on your browser, before they are sent to our server. We do not keep the keys required to decrypt the log on any publicly-facing server. (Our servers create a random, unique key for each log, transfer that key to your client, and encrypt the key with a public key that is not stored on any publicly-facing server.)

I see that as them trying to get into your computer?

Some of it sounds like a keylogger?
Logged
Pages: [1]   Go Up
« previous next »