It’s frustrating when you have to wrack your brain for a correct password and still get locked out of your account after continuous failed attempts. This unfortunate scene actually happens a lot to everyone, sometimes simply because people forget their passwords, but other times due to typos. In order to reduce all the stress from this minor task, researchers have come up with an innovative idea to turn the process around: autocorrect. While the proposal is still susceptible to criticism, experts confirm that it isn’t dangerous if it’s implemented in a way that takes into account how people choose passwords and the typos they make. Tom Simonite explains in an article for MIT Technology Review.
Giving a Pass to Passwords
People tend to think that privacy is afterthought when convenience is king. However, this isn’t true as the password autocorrect can still maintain the security of your account, depending on what kind of passwords you create. Cornell Tech, MIT, and Dropbox collaborators analyzed 24 hours of logins to Dropbox, and they found out that almost 10 percent of login attempts that failed did so due to a handful of easily correctable typos, such as leaving caps lock on, using the wrong case for the first character, or deleting the last character. Comparing that with patterns on passwords revealed by data breaches, correcting these common errors doesn’t really give hackers much of an advantage.
On the contrary, accepting common typos could give hackers a hard time for some passwords. The aforementioned collaborators have created two typo-tolerant password checkers that won’t accept typos for certain passwords where it could be risky, based on information from leaked password lists. Plus, an attacker cannot normally try more than five to six times because companies usually limit incorrect login attempts. With this, the benefits of accessing accounts more conveniently outweigh the potential risks of accepting typos.
You can view the original article here: https://www.technologyreview.com/s/601451/why-autocorrect-for-passwords-is-a-great-idea/#/set/id/601621/