See: https://telepathwords.research.microsoft.com/
Well my question is simple, would you use it?
Well with NoScript and RequestPolicy enabled, you have nothing to fear!
polonus
See: https://telepathwords.research.microsoft.com/
Well my question is simple, would you use it?
Well with NoScript and RequestPolicy enabled, you have nothing to fear!
polonus
I’m always wary/suspicious of site that check passwords (regardless if it is Microsoft), if you ever did use it to check you should never use that password as effectively it could be captured. By all means check that the style of password format a mixture of upper/lower case, numbers, some other characters #_~ (if they are accepted) and at least 10 or larger.
But these checkers are essentially redundant if you use a password manager that creates random passwords.
A part of what is said on the item
To guess the next character you'll type, we send the characters you have already typed to query our prediction engine. The prediction engine uses a database of common passwords and phrases that is too large for us send to your computer. To measure how much of an effect Telepathwords has on your behavior, we also send and maintain a log of your mouse movements and the timings of when characters are added to or removed from your password. This log does not contain the actual characters you type, but it does indicate whether each character was among those predicted by Telepathwords. We use this log for research intended to increase our understanding of how users choose passwords and how to help them choose better passwords in the future. This research may include collaborators outside Microsoft (such as the collaborators at Carnegie Mellon University who helped build Telepathwords) and we may share these logs with them for this purpose. To protect the contents of the log, we encrypt log entries on your browser, before they are sent to our server. We do not keep the keys required to decrypt the log on any publicly-facing server. (Our servers create a random, unique key for each log, transfer that key to your client, and encrypt the key with a public key that is not stored on any publicly-facing server.)
I see that as them trying to get into your computer?
Some of it sounds like a keylogger?