As part of my research project at the Security and Network Engineering Masters @ University of Amsterdam, I worked on building a library for that offers various flavours of typo correction. Since 2016, safe typo correction has been shown to be possible to but there is a clear lack of adoption. With the goal of democratising typo tolerance, I released tipsy!
Abstract
We implement and test a simple typo tolerant password authentication scheme as well as its personalised counterpart. Our experiments measure the security loss and give examples of the difference in security one could expect when moving from a strict authentication system to a typo tolerant one. In our tests, we use publicly available breached password datasets and mock exact knowledge attacker to mimic real-world scenarios and constraints. Our results corroborate previous studies: in practice, typo tolerant systems offer a minimal decrease in security.