Jeff's InfoSec Blog

Thoughts about information security, privacy, and regulatory compliance. Brought to you by Jeff Newfeld, the product unit manager for security solutions in Microsoft's Core Infrastructure Solutions group.


Trapping passwords by listening to typing


An interesting paper to be published shortly by three clever people at UC Berkeley reports that without training (other than a 10-minute recording of someone typing) a recognition algorithm can be built to derive what is being typed, including passwords. There are many caveats here, including the requirement that the typist is typing in one language (they used English) and that the recognition rate is far from 100%. But nevertheless it provokes thought.

So what does this tell us?  First off, relying solely on passwords is a bad idea -- even if this attack wasn't possible, there are just so many others.  Two-factor authentication is not foolproof but it does greatly reduce the risk.

Second, this reiterates the old saw about physical access.  If I can get close to your PC then I have a reasonable chance of obtaining your user ID and password.

Type quietly, everyone!

Comments
  • Hi you are good! I’m a poet too, though not as good as you. You have such a great potential. Keep it up

    <a href="http://alaminos.net">Kabonfootprint</a>

  • This article reminds me of that movie with Angelina Jolie, in Brazilian Portuguese called "Hackers" - a guy walking to capture passwords during typing in an office.
