IBM · Filed Jan 2, 2025 · Published Jul 2, 2026 · verified — real USPTO data

IBM Patents a System That Catches Passwords Before You Accidentally Send Them

Every so often, someone pastes their password into a chat window instead of a login box. IBM is patenting a system that catches that mistake before it leaves your device.

IBM Patent: Catching Passwords Before You Send Them — figure from US 2026/0189546 A1
FIG. 1A — rendered from the official USPTO publication PDF.
Publication number US 2026/0189546 A1
Applicant International Business Machines Corporation
Filing date Jan 2, 2025
Publication date Jul 2, 2026
Inventors Ian McPherson, Anthony Di Loreto, Adrian Kalafut, Jason Koo, Ethan Dain
CPC classification 726/6
Grant likelihood Medium
Examiner CHEN, SHIN HON (Art Unit 2431)
Status Response to Non-Final Office Action Entered and Forwarded to Examiner (May 22, 2026)
Document 20 claims

How IBM's password-interception warning actually works

Imagine you're rushing through your workday and you copy-paste what you think is a link into a Slack message, but it's actually your password. By the time you realize, it's already sent. That kind of accident is more common than people admit, and it can expose accounts instantly.

IBM is working on a system designed to catch that moment before it happens. It sits in the background, watching what you type or paste, and checks whether any of it looks like one of your saved passwords. If there's a match, it stops and warns you before anything gets sent over the internet.

The clever part is that it doesn't just check for exact matches. It generates variations of what you typed, think partial text, rearranged chunks, or mixed-case versions, and compares those against your password manager's stored list. Your passwords never leave the secure, encrypted part of the tool; only the comparison happens there.

How the permutation-matching engine spots your credentials

When you type or paste text into any input field, IBM's system intercepts that text before it gets transmitted to a server or network. It then passes the text to a password manager (a software tool that stores your credentials in encrypted form) for analysis.

Inside the password manager, the system generates a set of permutations (variations) of your typed text. This matters because a password might appear in a message in a slightly different form, mixed into a sentence, partially quoted, or with extra characters around it. Generating permutations means the system can catch near-matches, not just exact copies.

Each permutation is then compared against the list of passwords already stored in the password manager. Because all of this happens inside the encrypted password manager environment, your actual passwords aren't exposed to any outside process during the check.

If the comparison finds a match, the system alerts you before the text is sent out. The key steps are:

  • Intercept the typed or pasted text
  • Generate permutations of that text inside the password manager
  • Compare permutations against stored passwords
  • Warn the user if a match is detected, before any data leaves the device

What this means for workplace security and password managers

Accidentally sharing a password in a chat or email is a real and embarrassing security incident that happens in workplaces constantly. Most existing tools catch passwords after the fact, through monitoring or auditing. IBM's approach is preventive: it stops the send before the damage is done, which is a meaningfully different point of intervention.

For enterprise IT teams, this kind of system could integrate with existing password managers already deployed across a company, making it a practical add-on rather than a new product category. For everyday users, the idea is straightforward: a guardrail that catches the human errors that phishing, fatigue, and multitasking inevitably produce.

Editorial take

This is a genuinely useful idea with an obvious real-world application. The permutation-matching approach is the interesting technical wrinkle, catching partial or embedded passwords, not just exact copies, is what separates this from a simple string comparison. Whether IBM ships this as a product feature or it stays a patent, the underlying concept is one that security-conscious organizations should want.

Which company should we read for you?

We track 17 companies here. Pro is the same weekly breakdown for any company you choose, delivered privately. Type a name and we'll scope it and send you a quote.

Get one Big Tech patent every Sunday

Plain English, intelligent commentary, no hype. Free.

Source. Full patent text and figures from the official USPTO publication PDF.

Editorial commentary on a publicly published patent application. Not legal advice.