A smart password checker that lets you make mistakes

Download for OSX Download .deb Download .rpm GitHub

 

Mistyping your password leads to failed logins and time wasted. This is not only frustrating, but can also have a negative effect on users’ security practices. Less secure (but easier to type) passwords might seem more appealing, and users might be discouraged from locking their computers.

With this in mind, we built TypTop, a secure personalized typo-tolerant password checker for your MAC or Linux computer. It lets you focus on more important things than retyping your login password.

TypTop offers typo-tolerance tailored to you. It learns the typos that you make most frequently and allows you to log in under a small handful of these typos. Security isn't sacrificed. TypTop performs a number of safety checks before allowing authentication under a given typo to ensure this will not degrade security. We've conducted an in-depth analysis to prove that TypTop is as secure as a conventional password-based authentication.

 

Currently TypTop can be used in Unix based systems including Mac OSX and Linux distributions. We have precompiled packages for many systems. See if you can find yours in latest releases. The installation should be straightforward—download the binary, click on it, and follow the onscreen instructions. Otherwise you can compile it in your machine from the source. That's right: TypTop is open source software distributed under the MIT license.


How to test installation?

Once installed successfully, TypTop should register itself with the pluggable authentication module (PAM), so that it is invoked for all PAM based authentications requiring a password to be typed. It securely records typographical errors and enables login with common typos as it learns about them. If you are eager to check whether or not it is working, you can lock the screen and re-login first with the correct password, and then with a typo by adding '1' at the end of your password. For example, say your password is KuteCitten, try to log in with KuteCitten1. If you can login with the mistyped password, then TypTop is working fine!

You can do the same experiment in the terminal with the command 'su'; type su $USER, in the terminal, type the correct password for the first time, and next time try a typo of it as described above.

We are conducting a short survey about users' password habits, and request you fill it in. Check below for more details.


How to uninstall TypTop?

To uninstall, you have to open the terminal and type the following command, sudo typtop --uninstall.

 

TypTop is a new kind of a password checker that learns about your old password typing mistakes, and lets you login with the typos that you frequently make—if it is safe to do so. We only allow typos that are very close to your original password (i.e., off by one character) and that do not degrade unpredictability of the password by too great an amount. To achieve this, TypTop uses a new kind of encrypted cache to store recent incorrect entries, and unlocks these upon a correct entry of the password. Incorrect entries that satisfy TypTop's safety checks are then securely hashed and added to a set of allowable login passwords. On subsequent logins, TypTop not only checks the original password, but also checks against the entire set of allowed passwords. If any match, then login is allowed. All sensitive data (your password and typos of it) are stored in secured form on your system.

All this is presented in detail and analyzed in a forthcoming academic research paper. We will post it here soon. The code for TypTop is open source as well, and we welcome any feedback on it.

 

TypTop is a research prototype and while our initial pilot deployment has evidenced its efficacy for users that make typos frequently, we need data from a larger set of users to understand what fraction of users benefit from TypTop's design. We therefore have built into TypTop an anonymized and secure feedback mechanism, similar to how most modern software reports back to the designers information useful for improving the system. There is absolutely no way to utilize the collected data to learn about your password or other sensitive information!

What data do we collect?

We do not record IP addresses or any other information about the system from which an anonymous report is collected. In fact we will not even be able to associate data collected to individual installations.
For each login we collect:

  1. The timestamp and local time of the login.
  2. A unique identifier of the submitted password. The identifier is obtained by computing an HMAC of the submitted password with a random 128-bit secret unique to each installation of TypTop. The 128-bit secret never leaves the user's computer. Without the secret, it is impos1sible to perform brute-force dictionary attack and invert those identifiers.
  3. A boolean stating whether or not the entered password/typo was in the cache of allowed typos at the time of login.
  4. Whether or not the entered password is an easy-to-correct typo (i.e., flipped capitalization, or a character added to the end or beginning of the original password, etc.).
  5. The relative change in the strength of the typo with respect to the original password, as measured by the zxcvbn password strength meter.

On installation of TypTop, you are included in the study by default. You can opt out of the study at any time without affecting the functionality of TypTop by running the following command (in the terminal):   typtop --participate $USER no

The data collected will only ever be used by our research team to understand the efficacy of TypTop. We may publish summary statistics (e.g., average improvement to login efficacy) in future research papers. The collected data will never be released publicly.

We are also conducting an anonymous, short survey on users' password typing behaviors, if you are interested in helping us out by taking it.

 
  1. How can I be sure that you are not stealing my password? The code is openly available in GitHub and you are more than welcome to review. Privacy and security is our utmost concern (that is what we do research on, after all!). We have analyzed the design and implementation of TypTop thoroughly including the data that we collect. We are confident that no one can learn any sensitive information from the data that we collect or store.
  2. Really, allowing typos is secure? Yes! We have conducted significant analysis of the TypTop design, which will be released shortly in an academic paper. While the analysis is a bit involved, ultimately it boils down to the fact that guessing a typo of your password is not easier than guessing your password—as long as one is careful about what counts as a typo. That's why TypTop only allows safe typos.
    Moreover, allowing typos might encourage people to choose longer and stronger passwords, as entering them will no longer be as cumbersome as it is now. Thus, TypTop might actually improve security overall.
  3. What kinds of typos are allowed in TypTop? TypTop only allows safe variants of your password. First, a typo can only differ by a single character. For example, Kutecitten versus the real password KuteCitten. Second, we ensure that a typo does not collide with an easy-to-guess password, by ruling out typos that have low scores on state-of-the-art industry strength meters (we use Dropbox's zxcvbn). Third, we make sure that a typo does not degrade the guessability of your real password, again by ensuring that the drop in score under a strength meter is not too large. For example, if your real password is Pa%ssword, then Password is not an allowed typo, as the later is much easier to guess than the former. These restrictions, taken together, ensure that typos will not be much easier to guess than your actual password.
  4. Can someone train TypTop to allow any password? No. As just mentioned, we restrict typos to be close variants of your true password.
  5. What if your software is buggy, and I am locked out? We have tested TypTop on a variety of software and hardware configurations. Even if there are unexpected problems (please contact us if so), you can go into recovery mode and remove the line auth include typtop-auth from all files in /etc/pam.d. Alternatively, you can uninstall using the command sudo typtop --uninstall in the terminal in recovery mode.
 
Rahul Chatterjee (rahul@cs.cornell.edu)
Joanne Woodage1
Yuval Pnueli1
Anusha Chowdhury
Thomas Ristenpart

1 Work done while in Cornell Tech