Is password entry being recorded on camera a realistic concern?











up vote
121
down vote

favorite
12












I live in a city where CCTV camera coverage is comprehensive and increasing. Cameras are getting cheaper and higher resolution. Everyone has a video camera in their pocket already, and we are starting to see trends which indicate always-on cameras may become commonplace in other devices like glasses.



It has occurred to me, when out in public and entering my username/password into apps on my phone and laptop, that if a camera could capture both my screen and my keyboard, it could be fairly straightforward for a viewer to grab or guess my credentials from the footage assuming a high enough resolution image and the view not being (too) obscured.



Without going too much into the details of how it would be implemented, the accuracy and cost etc, I have a background in image processing and so am also aware that this would likely be automatable to at least some degree.



So I thought I would ask the community here if this is actually a viable risk? Have there been any known instances of it happening already? Are people thinking about this with respect to the viability of plaintext credential entry into apps in the long run?










share|improve this question


















  • 21




    Entering credentials in public is always a risk.
    – stackzebra
    Nov 9 at 8:12






  • 10




    Related: Snowden's Blanket - He wouldn't use the blanket if there was no risk of seeing him type.
    – Mindwin
    Nov 9 at 14:31








  • 4




    Take a look at TOTP - Time-based One Time Passwords. Typically used for 2FA, you can use them as the only factor as well. I have a few servers set up that accept either for SSH.
    – Duncan X Simpson
    Nov 10 at 4:28






  • 1




    Well, my bank will (against my explicit consent) pay up to 50€ per transaction without my card ever being inserted in a reader, only using some wireless transponder shit, and without any security token whatsoever being provided. So, seeing how my south Korean phone unlocks on my fingerprint and keeps my super important Instagram password hardware encrypted, I see password skimming as the smaller of two problems.
    – Damon
    yesterday








  • 2




    Who is your adversary in the threat model? Government has such plenties of cameras, but doesn't need you to disclose your password to spy on you.
    – usr-local-ΕΨΗΕΛΩΝ
    21 hours ago















up vote
121
down vote

favorite
12












I live in a city where CCTV camera coverage is comprehensive and increasing. Cameras are getting cheaper and higher resolution. Everyone has a video camera in their pocket already, and we are starting to see trends which indicate always-on cameras may become commonplace in other devices like glasses.



It has occurred to me, when out in public and entering my username/password into apps on my phone and laptop, that if a camera could capture both my screen and my keyboard, it could be fairly straightforward for a viewer to grab or guess my credentials from the footage assuming a high enough resolution image and the view not being (too) obscured.



Without going too much into the details of how it would be implemented, the accuracy and cost etc, I have a background in image processing and so am also aware that this would likely be automatable to at least some degree.



So I thought I would ask the community here if this is actually a viable risk? Have there been any known instances of it happening already? Are people thinking about this with respect to the viability of plaintext credential entry into apps in the long run?










share|improve this question


















  • 21




    Entering credentials in public is always a risk.
    – stackzebra
    Nov 9 at 8:12






  • 10




    Related: Snowden's Blanket - He wouldn't use the blanket if there was no risk of seeing him type.
    – Mindwin
    Nov 9 at 14:31








  • 4




    Take a look at TOTP - Time-based One Time Passwords. Typically used for 2FA, you can use them as the only factor as well. I have a few servers set up that accept either for SSH.
    – Duncan X Simpson
    Nov 10 at 4:28






  • 1




    Well, my bank will (against my explicit consent) pay up to 50€ per transaction without my card ever being inserted in a reader, only using some wireless transponder shit, and without any security token whatsoever being provided. So, seeing how my south Korean phone unlocks on my fingerprint and keeps my super important Instagram password hardware encrypted, I see password skimming as the smaller of two problems.
    – Damon
    yesterday








  • 2




    Who is your adversary in the threat model? Government has such plenties of cameras, but doesn't need you to disclose your password to spy on you.
    – usr-local-ΕΨΗΕΛΩΝ
    21 hours ago













up vote
121
down vote

favorite
12









up vote
121
down vote

favorite
12






12





I live in a city where CCTV camera coverage is comprehensive and increasing. Cameras are getting cheaper and higher resolution. Everyone has a video camera in their pocket already, and we are starting to see trends which indicate always-on cameras may become commonplace in other devices like glasses.



It has occurred to me, when out in public and entering my username/password into apps on my phone and laptop, that if a camera could capture both my screen and my keyboard, it could be fairly straightforward for a viewer to grab or guess my credentials from the footage assuming a high enough resolution image and the view not being (too) obscured.



Without going too much into the details of how it would be implemented, the accuracy and cost etc, I have a background in image processing and so am also aware that this would likely be automatable to at least some degree.



So I thought I would ask the community here if this is actually a viable risk? Have there been any known instances of it happening already? Are people thinking about this with respect to the viability of plaintext credential entry into apps in the long run?










share|improve this question













I live in a city where CCTV camera coverage is comprehensive and increasing. Cameras are getting cheaper and higher resolution. Everyone has a video camera in their pocket already, and we are starting to see trends which indicate always-on cameras may become commonplace in other devices like glasses.



It has occurred to me, when out in public and entering my username/password into apps on my phone and laptop, that if a camera could capture both my screen and my keyboard, it could be fairly straightforward for a viewer to grab or guess my credentials from the footage assuming a high enough resolution image and the view not being (too) obscured.



Without going too much into the details of how it would be implemented, the accuracy and cost etc, I have a background in image processing and so am also aware that this would likely be automatable to at least some degree.



So I thought I would ask the community here if this is actually a viable risk? Have there been any known instances of it happening already? Are people thinking about this with respect to the viability of plaintext credential entry into apps in the long run?







passwords user-names






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Nov 8 at 15:42









davnicwil

686258




686258








  • 21




    Entering credentials in public is always a risk.
    – stackzebra
    Nov 9 at 8:12






  • 10




    Related: Snowden's Blanket - He wouldn't use the blanket if there was no risk of seeing him type.
    – Mindwin
    Nov 9 at 14:31








  • 4




    Take a look at TOTP - Time-based One Time Passwords. Typically used for 2FA, you can use them as the only factor as well. I have a few servers set up that accept either for SSH.
    – Duncan X Simpson
    Nov 10 at 4:28






  • 1




    Well, my bank will (against my explicit consent) pay up to 50€ per transaction without my card ever being inserted in a reader, only using some wireless transponder shit, and without any security token whatsoever being provided. So, seeing how my south Korean phone unlocks on my fingerprint and keeps my super important Instagram password hardware encrypted, I see password skimming as the smaller of two problems.
    – Damon
    yesterday








  • 2




    Who is your adversary in the threat model? Government has such plenties of cameras, but doesn't need you to disclose your password to spy on you.
    – usr-local-ΕΨΗΕΛΩΝ
    21 hours ago














  • 21




    Entering credentials in public is always a risk.
    – stackzebra
    Nov 9 at 8:12






  • 10




    Related: Snowden's Blanket - He wouldn't use the blanket if there was no risk of seeing him type.
    – Mindwin
    Nov 9 at 14:31








  • 4




    Take a look at TOTP - Time-based One Time Passwords. Typically used for 2FA, you can use them as the only factor as well. I have a few servers set up that accept either for SSH.
    – Duncan X Simpson
    Nov 10 at 4:28






  • 1




    Well, my bank will (against my explicit consent) pay up to 50€ per transaction without my card ever being inserted in a reader, only using some wireless transponder shit, and without any security token whatsoever being provided. So, seeing how my south Korean phone unlocks on my fingerprint and keeps my super important Instagram password hardware encrypted, I see password skimming as the smaller of two problems.
    – Damon
    yesterday








  • 2




    Who is your adversary in the threat model? Government has such plenties of cameras, but doesn't need you to disclose your password to spy on you.
    – usr-local-ΕΨΗΕΛΩΝ
    21 hours ago








21




21




Entering credentials in public is always a risk.
– stackzebra
Nov 9 at 8:12




Entering credentials in public is always a risk.
– stackzebra
Nov 9 at 8:12




10




10




Related: Snowden's Blanket - He wouldn't use the blanket if there was no risk of seeing him type.
– Mindwin
Nov 9 at 14:31






Related: Snowden's Blanket - He wouldn't use the blanket if there was no risk of seeing him type.
– Mindwin
Nov 9 at 14:31






4




4




Take a look at TOTP - Time-based One Time Passwords. Typically used for 2FA, you can use them as the only factor as well. I have a few servers set up that accept either for SSH.
– Duncan X Simpson
Nov 10 at 4:28




Take a look at TOTP - Time-based One Time Passwords. Typically used for 2FA, you can use them as the only factor as well. I have a few servers set up that accept either for SSH.
– Duncan X Simpson
Nov 10 at 4:28




1




1




Well, my bank will (against my explicit consent) pay up to 50€ per transaction without my card ever being inserted in a reader, only using some wireless transponder shit, and without any security token whatsoever being provided. So, seeing how my south Korean phone unlocks on my fingerprint and keeps my super important Instagram password hardware encrypted, I see password skimming as the smaller of two problems.
– Damon
yesterday






Well, my bank will (against my explicit consent) pay up to 50€ per transaction without my card ever being inserted in a reader, only using some wireless transponder shit, and without any security token whatsoever being provided. So, seeing how my south Korean phone unlocks on my fingerprint and keeps my super important Instagram password hardware encrypted, I see password skimming as the smaller of two problems.
– Damon
yesterday






2




2




Who is your adversary in the threat model? Government has such plenties of cameras, but doesn't need you to disclose your password to spy on you.
– usr-local-ΕΨΗΕΛΩΝ
21 hours ago




Who is your adversary in the threat model? Government has such plenties of cameras, but doesn't need you to disclose your password to spy on you.
– usr-local-ΕΨΗΕΛΩΝ
21 hours ago










6 Answers
6






active

oldest

votes

















up vote
142
down vote



accepted










Lots of examples. A high-profile and recent example is when Kanye was caught on camera entering his "00000" password to unlock his device.



Shoulder-surfing is one reason why applications do not display the password text on the screen, but show ****** instead.



And this is one reason why multi-factor authentication is so important; even if you know the password, you cannot use it without another factor.



I have even seen viable research into capturing the sound of the keyboard when a user types the password, even over the computer's microphone.



So, yes, you describe a viable risk that the industry has been addressing for a long time. The specifics of high-res cameras is just not a significant enough of a new factor to consider. Shoulder-surfing and keyloggers are a current risk.



The industry knows that it needs to develop something better than passwords, and there are many active attempts to do so, but nothing is mature or stable enough yet.






share|improve this answer



















  • 54




    I would also add that there has been a case where a high-res photo was taken of a finger and used to create a replica fingerprint and used to open the biometrics of a phone. So, yes, cameras are a threat.
    – schroeder
    Nov 8 at 15:58






  • 8




    I think the new factor with cameras is the potential for scale through both wider passive capture and automation
    – davnicwil
    Nov 8 at 16:10






  • 3




    @davnicwil yep, that's a good point too. When designing the camera placement in an office building, we had to perform a number of calculations on the risks of capturing people typing. What I'm saying is that the problem space is far from new.
    – schroeder
    Nov 8 at 16:38






  • 5




    @Bakuriu I might humbly suggest that not everyone lives in Italy. Especially in cases where a company has sensitive info to protect, or high-value goods, further video surveillance may be warranted to minimize liability and risk.
    – Doktor J
    Nov 8 at 20:30






  • 3




    @DoktorJ That was an example. The point is: the number of situations when installing cameras to record employees at their computers in an office are extremely rare, since the office itself should be a physically controlled place. If you have outsiders/clients etc coming and going all the time that's not really "just an office" in my mind and poses different security requirements.
    – Bakuriu
    Nov 8 at 21:01


















up vote
47
down vote













As another example, here are some images from KrebsOnSecurity on ATM Skimmers (devices used to steal ATM credentials)





Camera 1Hidden camera behind ATM faceplate (source)



Camera 2Hidden camera glued to corner of ATM (source)



Camera 3Hidden camera on fake panel of ATM (source)





So yes, it is a very real-world concern.






share|improve this answer





















  • I'd like to point out that the two ATM images are different in other ways too. For example, the card slot on the right in the ATM machine seems to have changed between the two images. There seems to be some sort of protruding card slot in the second image. What is this?
    – fortunate_man
    2 days ago






  • 5




    @fortunate_man It's the actual skimmer that records the data on the magnetic stripe on the card. It's what you actually want to be looking for when using an ATM, since your PIN is useless without it, but the reverse isn't necessarily true.
    – Ross Ridge
    2 days ago










  • I'm surprised you didn't include krebsonsecurity.com/2012/09/…, which much more directly answers the question.
    – Wildcard
    18 hours ago


















up vote
13
down vote













Also, there have been cases reported where thermal imagers were used to extract a PIN or password from a keyboard just used to enter it - the hotter a key, if time of finger contact is about equal (heat soaks in...), the more recently it has been pressed. This might not present the password on a silver platter due to duplicate keys, different finger dwell times, but can extremely narrow the possible passwords.






share|improve this answer

















  • 18




    My relatively cheap chinese door lock have a (I don't know if this is intentionaly or it just happened) way off deterring shoulder-surfers: Only the first and the last n digits matters. So, if the code is 1234, if you are suspicious somebody is watching, you could enter 124579413245430234, and most snoopers would have lost track of your keys by then. All keys would have the same temperature and greasiness also.
    – Lenne
    Nov 9 at 11:02






  • 1




    @Lenne but if someone can (secretly?) record you two or more times, instead of just shoulder-surfing, can't they figure out actual code by comparing few inputs? :)
    – Ivan Kolmychek
    Nov 9 at 19:24








  • 2




    Sure, but even if something isn't 100% protection, everything which makes it harder will stop some, and delay the rest
    – Lenne
    Nov 9 at 19:46






  • 1




    @Lenne that lock could be much improved by not accepting an EXACT entered number combination for several attempts....
    – rackandboneman
    Nov 9 at 21:22






  • 4




    I think, smear traces on smart phone screens also fall in this category
    – Hagen von Eitzen
    Nov 10 at 10:15


















up vote
7
down vote













I would say yes, and high resolution imagery is not necessary. Speaking as a statistician, I don't even need to know the exact letter or numeral you touched (on a screen keyboard or regular keyboard), reducing each choice to 2 or 3 possible characters, based on the position of your fingers, makes an electronic guess of your password a tractable problem. Especially I would try likely combinations of letters that form word fragments; e.g. ([FR][EW][DE])="FEE", "FED", or "RED".



Or if numbers, I'd look for combinations that appear in numbers related to you: birthdays, anniversaries, for you, spouse, kids. Your phone number or house address.



On a screen or a real keyboard, I can see when you shift for special characters and guess what they are. And sometimes it is clear which key you hit, depending on the angle of the camera, narrowing some position to exactly one key. The camera can narrow the field of possible passwords considerably, and often in analysis that scores how well passwords match words and dates, the "right" password can be at the top of the scoring list.



For this reason, acronymic phrases can help defeat this. The idea is to memorize a phrase that means something to you, like "If the Seahawks win the championship I'll get drunk and dance a jig." Then make an Acronym: "ITSWTCIGDADAJ". You can teach yourself to replace some of these letters with numerals or special characters.



Without knowing the phrase in your mind, the password letters are random and uncorrelated, so unless the camera can tell which keys you hit exactly, it still won't be able to guess at the correct sequence by looking for matches to real words or dates.






share|improve this answer








New contributor




Amadeus is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

























    up vote
    6
    down vote













    Yes, and this is one of many reasons that you should not be entering passwords, and for the most part should not even know your passwords, except for a password manager master password and device unlock codes/FDE passphrases. For FDE passphrases, you should enter them only when powering on the device, and only in private locations where there are no cameras or observers present.






    share|improve this answer





















    • Comments are not for extended discussion; this conversation has been moved to chat.
      – Rory Alsop
      2 days ago


















    up vote
    6
    down vote













    Something that may help: Get into the habbit of "pressing" a few buttons in addition to your password.



    Say, your password is 1234. You could hit the 1 and 2, pretend to press, say, 9, and then continue your password.



    It discourages any cameras, key-wear down, or onlookers. It's certainly low grade, yes, but it deters people who have 1000 other clips of footage to go through.






    share|improve this answer








    New contributor




    Kyle is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.


















      Your Answer








      StackExchange.ready(function() {
      var channelOptions = {
      tags: "".split(" "),
      id: "162"
      };
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function() {
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled) {
      StackExchange.using("snippets", function() {
      createEditor();
      });
      }
      else {
      createEditor();
      }
      });

      function createEditor() {
      StackExchange.prepareEditor({
      heartbeatType: 'answer',
      convertImagesToLinks: false,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: null,
      bindNavPrevention: true,
      postfix: "",
      imageUploader: {
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      },
      noCode: true, onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      });


      }
      });














       

      draft saved


      draft discarded


















      StackExchange.ready(
      function () {
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f197250%2fis-password-entry-being-recorded-on-camera-a-realistic-concern%23new-answer', 'question_page');
      }
      );

      Post as a guest
































      6 Answers
      6






      active

      oldest

      votes








      6 Answers
      6






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes








      up vote
      142
      down vote



      accepted










      Lots of examples. A high-profile and recent example is when Kanye was caught on camera entering his "00000" password to unlock his device.



      Shoulder-surfing is one reason why applications do not display the password text on the screen, but show ****** instead.



      And this is one reason why multi-factor authentication is so important; even if you know the password, you cannot use it without another factor.



      I have even seen viable research into capturing the sound of the keyboard when a user types the password, even over the computer's microphone.



      So, yes, you describe a viable risk that the industry has been addressing for a long time. The specifics of high-res cameras is just not a significant enough of a new factor to consider. Shoulder-surfing and keyloggers are a current risk.



      The industry knows that it needs to develop something better than passwords, and there are many active attempts to do so, but nothing is mature or stable enough yet.






      share|improve this answer



















      • 54




        I would also add that there has been a case where a high-res photo was taken of a finger and used to create a replica fingerprint and used to open the biometrics of a phone. So, yes, cameras are a threat.
        – schroeder
        Nov 8 at 15:58






      • 8




        I think the new factor with cameras is the potential for scale through both wider passive capture and automation
        – davnicwil
        Nov 8 at 16:10






      • 3




        @davnicwil yep, that's a good point too. When designing the camera placement in an office building, we had to perform a number of calculations on the risks of capturing people typing. What I'm saying is that the problem space is far from new.
        – schroeder
        Nov 8 at 16:38






      • 5




        @Bakuriu I might humbly suggest that not everyone lives in Italy. Especially in cases where a company has sensitive info to protect, or high-value goods, further video surveillance may be warranted to minimize liability and risk.
        – Doktor J
        Nov 8 at 20:30






      • 3




        @DoktorJ That was an example. The point is: the number of situations when installing cameras to record employees at their computers in an office are extremely rare, since the office itself should be a physically controlled place. If you have outsiders/clients etc coming and going all the time that's not really "just an office" in my mind and poses different security requirements.
        – Bakuriu
        Nov 8 at 21:01















      up vote
      142
      down vote



      accepted










      Lots of examples. A high-profile and recent example is when Kanye was caught on camera entering his "00000" password to unlock his device.



      Shoulder-surfing is one reason why applications do not display the password text on the screen, but show ****** instead.



      And this is one reason why multi-factor authentication is so important; even if you know the password, you cannot use it without another factor.



      I have even seen viable research into capturing the sound of the keyboard when a user types the password, even over the computer's microphone.



      So, yes, you describe a viable risk that the industry has been addressing for a long time. The specifics of high-res cameras is just not a significant enough of a new factor to consider. Shoulder-surfing and keyloggers are a current risk.



      The industry knows that it needs to develop something better than passwords, and there are many active attempts to do so, but nothing is mature or stable enough yet.






      share|improve this answer



















      • 54




        I would also add that there has been a case where a high-res photo was taken of a finger and used to create a replica fingerprint and used to open the biometrics of a phone. So, yes, cameras are a threat.
        – schroeder
        Nov 8 at 15:58






      • 8




        I think the new factor with cameras is the potential for scale through both wider passive capture and automation
        – davnicwil
        Nov 8 at 16:10






      • 3




        @davnicwil yep, that's a good point too. When designing the camera placement in an office building, we had to perform a number of calculations on the risks of capturing people typing. What I'm saying is that the problem space is far from new.
        – schroeder
        Nov 8 at 16:38






      • 5




        @Bakuriu I might humbly suggest that not everyone lives in Italy. Especially in cases where a company has sensitive info to protect, or high-value goods, further video surveillance may be warranted to minimize liability and risk.
        – Doktor J
        Nov 8 at 20:30






      • 3




        @DoktorJ That was an example. The point is: the number of situations when installing cameras to record employees at their computers in an office are extremely rare, since the office itself should be a physically controlled place. If you have outsiders/clients etc coming and going all the time that's not really "just an office" in my mind and poses different security requirements.
        – Bakuriu
        Nov 8 at 21:01













      up vote
      142
      down vote



      accepted







      up vote
      142
      down vote



      accepted






      Lots of examples. A high-profile and recent example is when Kanye was caught on camera entering his "00000" password to unlock his device.



      Shoulder-surfing is one reason why applications do not display the password text on the screen, but show ****** instead.



      And this is one reason why multi-factor authentication is so important; even if you know the password, you cannot use it without another factor.



      I have even seen viable research into capturing the sound of the keyboard when a user types the password, even over the computer's microphone.



      So, yes, you describe a viable risk that the industry has been addressing for a long time. The specifics of high-res cameras is just not a significant enough of a new factor to consider. Shoulder-surfing and keyloggers are a current risk.



      The industry knows that it needs to develop something better than passwords, and there are many active attempts to do so, but nothing is mature or stable enough yet.






      share|improve this answer














      Lots of examples. A high-profile and recent example is when Kanye was caught on camera entering his "00000" password to unlock his device.



      Shoulder-surfing is one reason why applications do not display the password text on the screen, but show ****** instead.



      And this is one reason why multi-factor authentication is so important; even if you know the password, you cannot use it without another factor.



      I have even seen viable research into capturing the sound of the keyboard when a user types the password, even over the computer's microphone.



      So, yes, you describe a viable risk that the industry has been addressing for a long time. The specifics of high-res cameras is just not a significant enough of a new factor to consider. Shoulder-surfing and keyloggers are a current risk.



      The industry knows that it needs to develop something better than passwords, and there are many active attempts to do so, but nothing is mature or stable enough yet.







      share|improve this answer














      share|improve this answer



      share|improve this answer








      edited 17 hours ago









      Mr. C

      1033




      1033










      answered Nov 8 at 15:46









      schroeder

      69.6k27150184




      69.6k27150184








      • 54




        I would also add that there has been a case where a high-res photo was taken of a finger and used to create a replica fingerprint and used to open the biometrics of a phone. So, yes, cameras are a threat.
        – schroeder
        Nov 8 at 15:58






      • 8




        I think the new factor with cameras is the potential for scale through both wider passive capture and automation
        – davnicwil
        Nov 8 at 16:10






      • 3




        @davnicwil yep, that's a good point too. When designing the camera placement in an office building, we had to perform a number of calculations on the risks of capturing people typing. What I'm saying is that the problem space is far from new.
        – schroeder
        Nov 8 at 16:38






      • 5




        @Bakuriu I might humbly suggest that not everyone lives in Italy. Especially in cases where a company has sensitive info to protect, or high-value goods, further video surveillance may be warranted to minimize liability and risk.
        – Doktor J
        Nov 8 at 20:30






      • 3




        @DoktorJ That was an example. The point is: the number of situations when installing cameras to record employees at their computers in an office are extremely rare, since the office itself should be a physically controlled place. If you have outsiders/clients etc coming and going all the time that's not really "just an office" in my mind and poses different security requirements.
        – Bakuriu
        Nov 8 at 21:01














      • 54




        I would also add that there has been a case where a high-res photo was taken of a finger and used to create a replica fingerprint and used to open the biometrics of a phone. So, yes, cameras are a threat.
        – schroeder
        Nov 8 at 15:58






      • 8




        I think the new factor with cameras is the potential for scale through both wider passive capture and automation
        – davnicwil
        Nov 8 at 16:10






      • 3




        @davnicwil yep, that's a good point too. When designing the camera placement in an office building, we had to perform a number of calculations on the risks of capturing people typing. What I'm saying is that the problem space is far from new.
        – schroeder
        Nov 8 at 16:38






      • 5




        @Bakuriu I might humbly suggest that not everyone lives in Italy. Especially in cases where a company has sensitive info to protect, or high-value goods, further video surveillance may be warranted to minimize liability and risk.
        – Doktor J
        Nov 8 at 20:30






      • 3




        @DoktorJ That was an example. The point is: the number of situations when installing cameras to record employees at their computers in an office are extremely rare, since the office itself should be a physically controlled place. If you have outsiders/clients etc coming and going all the time that's not really "just an office" in my mind and poses different security requirements.
        – Bakuriu
        Nov 8 at 21:01








      54




      54




      I would also add that there has been a case where a high-res photo was taken of a finger and used to create a replica fingerprint and used to open the biometrics of a phone. So, yes, cameras are a threat.
      – schroeder
      Nov 8 at 15:58




      I would also add that there has been a case where a high-res photo was taken of a finger and used to create a replica fingerprint and used to open the biometrics of a phone. So, yes, cameras are a threat.
      – schroeder
      Nov 8 at 15:58




      8




      8




      I think the new factor with cameras is the potential for scale through both wider passive capture and automation
      – davnicwil
      Nov 8 at 16:10




      I think the new factor with cameras is the potential for scale through both wider passive capture and automation
      – davnicwil
      Nov 8 at 16:10




      3




      3




      @davnicwil yep, that's a good point too. When designing the camera placement in an office building, we had to perform a number of calculations on the risks of capturing people typing. What I'm saying is that the problem space is far from new.
      – schroeder
      Nov 8 at 16:38




      @davnicwil yep, that's a good point too. When designing the camera placement in an office building, we had to perform a number of calculations on the risks of capturing people typing. What I'm saying is that the problem space is far from new.
      – schroeder
      Nov 8 at 16:38




      5




      5




      @Bakuriu I might humbly suggest that not everyone lives in Italy. Especially in cases where a company has sensitive info to protect, or high-value goods, further video surveillance may be warranted to minimize liability and risk.
      – Doktor J
      Nov 8 at 20:30




      @Bakuriu I might humbly suggest that not everyone lives in Italy. Especially in cases where a company has sensitive info to protect, or high-value goods, further video surveillance may be warranted to minimize liability and risk.
      – Doktor J
      Nov 8 at 20:30




      3




      3




      @DoktorJ That was an example. The point is: the number of situations when installing cameras to record employees at their computers in an office are extremely rare, since the office itself should be a physically controlled place. If you have outsiders/clients etc coming and going all the time that's not really "just an office" in my mind and poses different security requirements.
      – Bakuriu
      Nov 8 at 21:01




      @DoktorJ That was an example. The point is: the number of situations when installing cameras to record employees at their computers in an office are extremely rare, since the office itself should be a physically controlled place. If you have outsiders/clients etc coming and going all the time that's not really "just an office" in my mind and poses different security requirements.
      – Bakuriu
      Nov 8 at 21:01












      up vote
      47
      down vote













      As another example, here are some images from KrebsOnSecurity on ATM Skimmers (devices used to steal ATM credentials)





      Camera 1Hidden camera behind ATM faceplate (source)



      Camera 2Hidden camera glued to corner of ATM (source)



      Camera 3Hidden camera on fake panel of ATM (source)





      So yes, it is a very real-world concern.






      share|improve this answer





















      • I'd like to point out that the two ATM images are different in other ways too. For example, the card slot on the right in the ATM machine seems to have changed between the two images. There seems to be some sort of protruding card slot in the second image. What is this?
        – fortunate_man
        2 days ago






      • 5




        @fortunate_man It's the actual skimmer that records the data on the magnetic stripe on the card. It's what you actually want to be looking for when using an ATM, since your PIN is useless without it, but the reverse isn't necessarily true.
        – Ross Ridge
        2 days ago










      • I'm surprised you didn't include krebsonsecurity.com/2012/09/…, which much more directly answers the question.
        – Wildcard
        18 hours ago















      up vote
      47
      down vote













      As another example, here are some images from KrebsOnSecurity on ATM Skimmers (devices used to steal ATM credentials)





      Camera 1Hidden camera behind ATM faceplate (source)



      Camera 2Hidden camera glued to corner of ATM (source)



      Camera 3Hidden camera on fake panel of ATM (source)





      So yes, it is a very real-world concern.






      share|improve this answer





















      • I'd like to point out that the two ATM images are different in other ways too. For example, the card slot on the right in the ATM machine seems to have changed between the two images. There seems to be some sort of protruding card slot in the second image. What is this?
        – fortunate_man
        2 days ago






      • 5




        @fortunate_man It's the actual skimmer that records the data on the magnetic stripe on the card. It's what you actually want to be looking for when using an ATM, since your PIN is useless without it, but the reverse isn't necessarily true.
        – Ross Ridge
        2 days ago










      • I'm surprised you didn't include krebsonsecurity.com/2012/09/…, which much more directly answers the question.
        – Wildcard
        18 hours ago













      up vote
      47
      down vote










      up vote
      47
      down vote









      As another example, here are some images from KrebsOnSecurity on ATM Skimmers (devices used to steal ATM credentials)





      Camera 1Hidden camera behind ATM faceplate (source)



      Camera 2Hidden camera glued to corner of ATM (source)



      Camera 3Hidden camera on fake panel of ATM (source)





      So yes, it is a very real-world concern.






      share|improve this answer












      As another example, here are some images from KrebsOnSecurity on ATM Skimmers (devices used to steal ATM credentials)





      Camera 1Hidden camera behind ATM faceplate (source)



      Camera 2Hidden camera glued to corner of ATM (source)



      Camera 3Hidden camera on fake panel of ATM (source)





      So yes, it is a very real-world concern.







      share|improve this answer












      share|improve this answer



      share|improve this answer










      answered Nov 8 at 23:07









      BlueRaja - Danny Pflughoeft

      1,7671118




      1,7671118












      • I'd like to point out that the two ATM images are different in other ways too. For example, the card slot on the right in the ATM machine seems to have changed between the two images. There seems to be some sort of protruding card slot in the second image. What is this?
        – fortunate_man
        2 days ago






      • 5




        @fortunate_man It's the actual skimmer that records the data on the magnetic stripe on the card. It's what you actually want to be looking for when using an ATM, since your PIN is useless without it, but the reverse isn't necessarily true.
        – Ross Ridge
        2 days ago










      • I'm surprised you didn't include krebsonsecurity.com/2012/09/…, which much more directly answers the question.
        – Wildcard
        18 hours ago


















      • I'd like to point out that the two ATM images are different in other ways too. For example, the card slot on the right in the ATM machine seems to have changed between the two images. There seems to be some sort of protruding card slot in the second image. What is this?
        – fortunate_man
        2 days ago






      • 5




        @fortunate_man It's the actual skimmer that records the data on the magnetic stripe on the card. It's what you actually want to be looking for when using an ATM, since your PIN is useless without it, but the reverse isn't necessarily true.
        – Ross Ridge
        2 days ago










      • I'm surprised you didn't include krebsonsecurity.com/2012/09/…, which much more directly answers the question.
        – Wildcard
        18 hours ago
















      I'd like to point out that the two ATM images are different in other ways too. For example, the card slot on the right in the ATM machine seems to have changed between the two images. There seems to be some sort of protruding card slot in the second image. What is this?
      – fortunate_man
      2 days ago




      I'd like to point out that the two ATM images are different in other ways too. For example, the card slot on the right in the ATM machine seems to have changed between the two images. There seems to be some sort of protruding card slot in the second image. What is this?
      – fortunate_man
      2 days ago




      5




      5




      @fortunate_man It's the actual skimmer that records the data on the magnetic stripe on the card. It's what you actually want to be looking for when using an ATM, since your PIN is useless without it, but the reverse isn't necessarily true.
      – Ross Ridge
      2 days ago




      @fortunate_man It's the actual skimmer that records the data on the magnetic stripe on the card. It's what you actually want to be looking for when using an ATM, since your PIN is useless without it, but the reverse isn't necessarily true.
      – Ross Ridge
      2 days ago












      I'm surprised you didn't include krebsonsecurity.com/2012/09/…, which much more directly answers the question.
      – Wildcard
      18 hours ago




      I'm surprised you didn't include krebsonsecurity.com/2012/09/…, which much more directly answers the question.
      – Wildcard
      18 hours ago










      up vote
      13
      down vote













      Also, there have been cases reported where thermal imagers were used to extract a PIN or password from a keyboard just used to enter it - the hotter a key, if time of finger contact is about equal (heat soaks in...), the more recently it has been pressed. This might not present the password on a silver platter due to duplicate keys, different finger dwell times, but can extremely narrow the possible passwords.






      share|improve this answer

















      • 18




        My relatively cheap chinese door lock have a (I don't know if this is intentionaly or it just happened) way off deterring shoulder-surfers: Only the first and the last n digits matters. So, if the code is 1234, if you are suspicious somebody is watching, you could enter 124579413245430234, and most snoopers would have lost track of your keys by then. All keys would have the same temperature and greasiness also.
        – Lenne
        Nov 9 at 11:02






      • 1




        @Lenne but if someone can (secretly?) record you two or more times, instead of just shoulder-surfing, can't they figure out actual code by comparing few inputs? :)
        – Ivan Kolmychek
        Nov 9 at 19:24








      • 2




        Sure, but even if something isn't 100% protection, everything which makes it harder will stop some, and delay the rest
        – Lenne
        Nov 9 at 19:46






      • 1




        @Lenne that lock could be much improved by not accepting an EXACT entered number combination for several attempts....
        – rackandboneman
        Nov 9 at 21:22






      • 4




        I think, smear traces on smart phone screens also fall in this category
        – Hagen von Eitzen
        Nov 10 at 10:15















      up vote
      13
      down vote













      Also, there have been cases reported where thermal imagers were used to extract a PIN or password from a keyboard just used to enter it - the hotter a key, if time of finger contact is about equal (heat soaks in...), the more recently it has been pressed. This might not present the password on a silver platter due to duplicate keys, different finger dwell times, but can extremely narrow the possible passwords.






      share|improve this answer

















      • 18




        My relatively cheap chinese door lock have a (I don't know if this is intentionaly or it just happened) way off deterring shoulder-surfers: Only the first and the last n digits matters. So, if the code is 1234, if you are suspicious somebody is watching, you could enter 124579413245430234, and most snoopers would have lost track of your keys by then. All keys would have the same temperature and greasiness also.
        – Lenne
        Nov 9 at 11:02






      • 1




        @Lenne but if someone can (secretly?) record you two or more times, instead of just shoulder-surfing, can't they figure out actual code by comparing few inputs? :)
        – Ivan Kolmychek
        Nov 9 at 19:24








      • 2




        Sure, but even if something isn't 100% protection, everything which makes it harder will stop some, and delay the rest
        – Lenne
        Nov 9 at 19:46






      • 1




        @Lenne that lock could be much improved by not accepting an EXACT entered number combination for several attempts....
        – rackandboneman
        Nov 9 at 21:22






      • 4




        I think, smear traces on smart phone screens also fall in this category
        – Hagen von Eitzen
        Nov 10 at 10:15













      up vote
      13
      down vote










      up vote
      13
      down vote









      Also, there have been cases reported where thermal imagers were used to extract a PIN or password from a keyboard just used to enter it - the hotter a key, if time of finger contact is about equal (heat soaks in...), the more recently it has been pressed. This might not present the password on a silver platter due to duplicate keys, different finger dwell times, but can extremely narrow the possible passwords.






      share|improve this answer












      Also, there have been cases reported where thermal imagers were used to extract a PIN or password from a keyboard just used to enter it - the hotter a key, if time of finger contact is about equal (heat soaks in...), the more recently it has been pressed. This might not present the password on a silver platter due to duplicate keys, different finger dwell times, but can extremely narrow the possible passwords.







      share|improve this answer












      share|improve this answer



      share|improve this answer










      answered Nov 8 at 22:05









      rackandboneman

      68137




      68137








      • 18




        My relatively cheap chinese door lock have a (I don't know if this is intentionaly or it just happened) way off deterring shoulder-surfers: Only the first and the last n digits matters. So, if the code is 1234, if you are suspicious somebody is watching, you could enter 124579413245430234, and most snoopers would have lost track of your keys by then. All keys would have the same temperature and greasiness also.
        – Lenne
        Nov 9 at 11:02






      • 1




        @Lenne but if someone can (secretly?) record you two or more times, instead of just shoulder-surfing, can't they figure out actual code by comparing few inputs? :)
        – Ivan Kolmychek
        Nov 9 at 19:24








      • 2




        Sure, but even if something isn't 100% protection, everything which makes it harder will stop some, and delay the rest
        – Lenne
        Nov 9 at 19:46






      • 1




        @Lenne that lock could be much improved by not accepting an EXACT entered number combination for several attempts....
        – rackandboneman
        Nov 9 at 21:22






      • 4




        I think, smear traces on smart phone screens also fall in this category
        – Hagen von Eitzen
        Nov 10 at 10:15














      • 18




        My relatively cheap chinese door lock have a (I don't know if this is intentionaly or it just happened) way off deterring shoulder-surfers: Only the first and the last n digits matters. So, if the code is 1234, if you are suspicious somebody is watching, you could enter 124579413245430234, and most snoopers would have lost track of your keys by then. All keys would have the same temperature and greasiness also.
        – Lenne
        Nov 9 at 11:02






      • 1




        @Lenne but if someone can (secretly?) record you two or more times, instead of just shoulder-surfing, can't they figure out actual code by comparing few inputs? :)
        – Ivan Kolmychek
        Nov 9 at 19:24








      • 2




        Sure, but even if something isn't 100% protection, everything which makes it harder will stop some, and delay the rest
        – Lenne
        Nov 9 at 19:46






      • 1




        @Lenne that lock could be much improved by not accepting an EXACT entered number combination for several attempts....
        – rackandboneman
        Nov 9 at 21:22






      • 4




        I think, smear traces on smart phone screens also fall in this category
        – Hagen von Eitzen
        Nov 10 at 10:15








      18




      18




      My relatively cheap chinese door lock have a (I don't know if this is intentionaly or it just happened) way off deterring shoulder-surfers: Only the first and the last n digits matters. So, if the code is 1234, if you are suspicious somebody is watching, you could enter 124579413245430234, and most snoopers would have lost track of your keys by then. All keys would have the same temperature and greasiness also.
      – Lenne
      Nov 9 at 11:02




      My relatively cheap chinese door lock have a (I don't know if this is intentionaly or it just happened) way off deterring shoulder-surfers: Only the first and the last n digits matters. So, if the code is 1234, if you are suspicious somebody is watching, you could enter 124579413245430234, and most snoopers would have lost track of your keys by then. All keys would have the same temperature and greasiness also.
      – Lenne
      Nov 9 at 11:02




      1




      1




      @Lenne but if someone can (secretly?) record you two or more times, instead of just shoulder-surfing, can't they figure out actual code by comparing few inputs? :)
      – Ivan Kolmychek
      Nov 9 at 19:24






      @Lenne but if someone can (secretly?) record you two or more times, instead of just shoulder-surfing, can't they figure out actual code by comparing few inputs? :)
      – Ivan Kolmychek
      Nov 9 at 19:24






      2




      2




      Sure, but even if something isn't 100% protection, everything which makes it harder will stop some, and delay the rest
      – Lenne
      Nov 9 at 19:46




      Sure, but even if something isn't 100% protection, everything which makes it harder will stop some, and delay the rest
      – Lenne
      Nov 9 at 19:46




      1




      1




      @Lenne that lock could be much improved by not accepting an EXACT entered number combination for several attempts....
      – rackandboneman
      Nov 9 at 21:22




      @Lenne that lock could be much improved by not accepting an EXACT entered number combination for several attempts....
      – rackandboneman
      Nov 9 at 21:22




      4




      4




      I think, smear traces on smart phone screens also fall in this category
      – Hagen von Eitzen
      Nov 10 at 10:15




      I think, smear traces on smart phone screens also fall in this category
      – Hagen von Eitzen
      Nov 10 at 10:15










      up vote
      7
      down vote













      I would say yes, and high resolution imagery is not necessary. Speaking as a statistician, I don't even need to know the exact letter or numeral you touched (on a screen keyboard or regular keyboard), reducing each choice to 2 or 3 possible characters, based on the position of your fingers, makes an electronic guess of your password a tractable problem. Especially I would try likely combinations of letters that form word fragments; e.g. ([FR][EW][DE])="FEE", "FED", or "RED".



      Or if numbers, I'd look for combinations that appear in numbers related to you: birthdays, anniversaries, for you, spouse, kids. Your phone number or house address.



      On a screen or a real keyboard, I can see when you shift for special characters and guess what they are. And sometimes it is clear which key you hit, depending on the angle of the camera, narrowing some position to exactly one key. The camera can narrow the field of possible passwords considerably, and often in analysis that scores how well passwords match words and dates, the "right" password can be at the top of the scoring list.



      For this reason, acronymic phrases can help defeat this. The idea is to memorize a phrase that means something to you, like "If the Seahawks win the championship I'll get drunk and dance a jig." Then make an Acronym: "ITSWTCIGDADAJ". You can teach yourself to replace some of these letters with numerals or special characters.



      Without knowing the phrase in your mind, the password letters are random and uncorrelated, so unless the camera can tell which keys you hit exactly, it still won't be able to guess at the correct sequence by looking for matches to real words or dates.






      share|improve this answer








      New contributor




      Amadeus is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






















        up vote
        7
        down vote













        I would say yes, and high resolution imagery is not necessary. Speaking as a statistician, I don't even need to know the exact letter or numeral you touched (on a screen keyboard or regular keyboard), reducing each choice to 2 or 3 possible characters, based on the position of your fingers, makes an electronic guess of your password a tractable problem. Especially I would try likely combinations of letters that form word fragments; e.g. ([FR][EW][DE])="FEE", "FED", or "RED".



        Or if numbers, I'd look for combinations that appear in numbers related to you: birthdays, anniversaries, for you, spouse, kids. Your phone number or house address.



        On a screen or a real keyboard, I can see when you shift for special characters and guess what they are. And sometimes it is clear which key you hit, depending on the angle of the camera, narrowing some position to exactly one key. The camera can narrow the field of possible passwords considerably, and often in analysis that scores how well passwords match words and dates, the "right" password can be at the top of the scoring list.



        For this reason, acronymic phrases can help defeat this. The idea is to memorize a phrase that means something to you, like "If the Seahawks win the championship I'll get drunk and dance a jig." Then make an Acronym: "ITSWTCIGDADAJ". You can teach yourself to replace some of these letters with numerals or special characters.



        Without knowing the phrase in your mind, the password letters are random and uncorrelated, so unless the camera can tell which keys you hit exactly, it still won't be able to guess at the correct sequence by looking for matches to real words or dates.






        share|improve this answer








        New contributor




        Amadeus is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.




















          up vote
          7
          down vote










          up vote
          7
          down vote









          I would say yes, and high resolution imagery is not necessary. Speaking as a statistician, I don't even need to know the exact letter or numeral you touched (on a screen keyboard or regular keyboard), reducing each choice to 2 or 3 possible characters, based on the position of your fingers, makes an electronic guess of your password a tractable problem. Especially I would try likely combinations of letters that form word fragments; e.g. ([FR][EW][DE])="FEE", "FED", or "RED".



          Or if numbers, I'd look for combinations that appear in numbers related to you: birthdays, anniversaries, for you, spouse, kids. Your phone number or house address.



          On a screen or a real keyboard, I can see when you shift for special characters and guess what they are. And sometimes it is clear which key you hit, depending on the angle of the camera, narrowing some position to exactly one key. The camera can narrow the field of possible passwords considerably, and often in analysis that scores how well passwords match words and dates, the "right" password can be at the top of the scoring list.



          For this reason, acronymic phrases can help defeat this. The idea is to memorize a phrase that means something to you, like "If the Seahawks win the championship I'll get drunk and dance a jig." Then make an Acronym: "ITSWTCIGDADAJ". You can teach yourself to replace some of these letters with numerals or special characters.



          Without knowing the phrase in your mind, the password letters are random and uncorrelated, so unless the camera can tell which keys you hit exactly, it still won't be able to guess at the correct sequence by looking for matches to real words or dates.






          share|improve this answer








          New contributor




          Amadeus is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.









          I would say yes, and high resolution imagery is not necessary. Speaking as a statistician, I don't even need to know the exact letter or numeral you touched (on a screen keyboard or regular keyboard), reducing each choice to 2 or 3 possible characters, based on the position of your fingers, makes an electronic guess of your password a tractable problem. Especially I would try likely combinations of letters that form word fragments; e.g. ([FR][EW][DE])="FEE", "FED", or "RED".



          Or if numbers, I'd look for combinations that appear in numbers related to you: birthdays, anniversaries, for you, spouse, kids. Your phone number or house address.



          On a screen or a real keyboard, I can see when you shift for special characters and guess what they are. And sometimes it is clear which key you hit, depending on the angle of the camera, narrowing some position to exactly one key. The camera can narrow the field of possible passwords considerably, and often in analysis that scores how well passwords match words and dates, the "right" password can be at the top of the scoring list.



          For this reason, acronymic phrases can help defeat this. The idea is to memorize a phrase that means something to you, like "If the Seahawks win the championship I'll get drunk and dance a jig." Then make an Acronym: "ITSWTCIGDADAJ". You can teach yourself to replace some of these letters with numerals or special characters.



          Without knowing the phrase in your mind, the password letters are random and uncorrelated, so unless the camera can tell which keys you hit exactly, it still won't be able to guess at the correct sequence by looking for matches to real words or dates.







          share|improve this answer








          New contributor




          Amadeus is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.









          share|improve this answer



          share|improve this answer






          New contributor




          Amadeus is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.









          answered Nov 9 at 23:24









          Amadeus

          1711




          1711




          New contributor




          Amadeus is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.





          New contributor





          Amadeus is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.






          Amadeus is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.






















              up vote
              6
              down vote













              Yes, and this is one of many reasons that you should not be entering passwords, and for the most part should not even know your passwords, except for a password manager master password and device unlock codes/FDE passphrases. For FDE passphrases, you should enter them only when powering on the device, and only in private locations where there are no cameras or observers present.






              share|improve this answer





















              • Comments are not for extended discussion; this conversation has been moved to chat.
                – Rory Alsop
                2 days ago















              up vote
              6
              down vote













              Yes, and this is one of many reasons that you should not be entering passwords, and for the most part should not even know your passwords, except for a password manager master password and device unlock codes/FDE passphrases. For FDE passphrases, you should enter them only when powering on the device, and only in private locations where there are no cameras or observers present.






              share|improve this answer





















              • Comments are not for extended discussion; this conversation has been moved to chat.
                – Rory Alsop
                2 days ago













              up vote
              6
              down vote










              up vote
              6
              down vote









              Yes, and this is one of many reasons that you should not be entering passwords, and for the most part should not even know your passwords, except for a password manager master password and device unlock codes/FDE passphrases. For FDE passphrases, you should enter them only when powering on the device, and only in private locations where there are no cameras or observers present.






              share|improve this answer












              Yes, and this is one of many reasons that you should not be entering passwords, and for the most part should not even know your passwords, except for a password manager master password and device unlock codes/FDE passphrases. For FDE passphrases, you should enter them only when powering on the device, and only in private locations where there are no cameras or observers present.







              share|improve this answer












              share|improve this answer



              share|improve this answer










              answered Nov 9 at 1:48









              R..

              3,95711317




              3,95711317












              • Comments are not for extended discussion; this conversation has been moved to chat.
                – Rory Alsop
                2 days ago


















              • Comments are not for extended discussion; this conversation has been moved to chat.
                – Rory Alsop
                2 days ago
















              Comments are not for extended discussion; this conversation has been moved to chat.
              – Rory Alsop
              2 days ago




              Comments are not for extended discussion; this conversation has been moved to chat.
              – Rory Alsop
              2 days ago










              up vote
              6
              down vote













              Something that may help: Get into the habbit of "pressing" a few buttons in addition to your password.



              Say, your password is 1234. You could hit the 1 and 2, pretend to press, say, 9, and then continue your password.



              It discourages any cameras, key-wear down, or onlookers. It's certainly low grade, yes, but it deters people who have 1000 other clips of footage to go through.






              share|improve this answer








              New contributor




              Kyle is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
              Check out our Code of Conduct.






















                up vote
                6
                down vote













                Something that may help: Get into the habbit of "pressing" a few buttons in addition to your password.



                Say, your password is 1234. You could hit the 1 and 2, pretend to press, say, 9, and then continue your password.



                It discourages any cameras, key-wear down, or onlookers. It's certainly low grade, yes, but it deters people who have 1000 other clips of footage to go through.






                share|improve this answer








                New contributor




                Kyle is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                Check out our Code of Conduct.




















                  up vote
                  6
                  down vote










                  up vote
                  6
                  down vote









                  Something that may help: Get into the habbit of "pressing" a few buttons in addition to your password.



                  Say, your password is 1234. You could hit the 1 and 2, pretend to press, say, 9, and then continue your password.



                  It discourages any cameras, key-wear down, or onlookers. It's certainly low grade, yes, but it deters people who have 1000 other clips of footage to go through.






                  share|improve this answer








                  New contributor




                  Kyle is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                  Check out our Code of Conduct.









                  Something that may help: Get into the habbit of "pressing" a few buttons in addition to your password.



                  Say, your password is 1234. You could hit the 1 and 2, pretend to press, say, 9, and then continue your password.



                  It discourages any cameras, key-wear down, or onlookers. It's certainly low grade, yes, but it deters people who have 1000 other clips of footage to go through.







                  share|improve this answer








                  New contributor




                  Kyle is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                  Check out our Code of Conduct.









                  share|improve this answer



                  share|improve this answer






                  New contributor




                  Kyle is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                  Check out our Code of Conduct.









                  answered 12 hours ago









                  Kyle

                  611




                  611




                  New contributor




                  Kyle is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                  Check out our Code of Conduct.





                  New contributor





                  Kyle is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                  Check out our Code of Conduct.






                  Kyle is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                  Check out our Code of Conduct.






























                       

                      draft saved


                      draft discarded



















































                       


                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function () {
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f197250%2fis-password-entry-being-recorded-on-camera-a-realistic-concern%23new-answer', 'question_page');
                      }
                      );

                      Post as a guest




















































































                      Popular posts from this blog

                      How to change which sound is reproduced for terminal bell?

                      Can I use Tabulator js library in my java Spring + Thymeleaf project?

                      Title Spacing in Bjornstrup Chapter, Removing Chapter Number From Contents