Is password entry being recorded on camera a realistic concern?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
9
down vote

favorite












I live in a city where CCTV camera coverage is comprehensive and increasing. Cameras are getting cheaper and higher resolution. Everyone has a video camera in their pocket already, and we are starting to see trends which indicate always-on cameras may become commonplace in other devices like glasses.



It has occurred to me, when out in public and entering my username/password into apps on my phone and laptop, that if a camera could capture both my screen and my keyboard, it could be fairly straightforward for a viewer to grab or guess my credentials from the footage assuming a high enough resolution image and the view not being (too) obscured.



Without going too much into the details of how it would be implemented, the accuracy and cost etc, I have a background in image processing and so am also aware that this would likely be automatable to at least some degree.



So I thought I would ask the community here if this is actually a viable risk? Have there been any known instances of it happening already? Are people thinking about this with respect to the viability of plaintext credential entry into apps in the long run?






passwords user-names







share|improve this question

























    up vote
    9
    down vote

    favorite












    I live in a city where CCTV camera coverage is comprehensive and increasing. Cameras are getting cheaper and higher resolution. Everyone has a video camera in their pocket already, and we are starting to see trends which indicate always-on cameras may become commonplace in other devices like glasses.



    It has occurred to me, when out in public and entering my username/password into apps on my phone and laptop, that if a camera could capture both my screen and my keyboard, it could be fairly straightforward for a viewer to grab or guess my credentials from the footage assuming a high enough resolution image and the view not being (too) obscured.



    Without going too much into the details of how it would be implemented, the accuracy and cost etc, I have a background in image processing and so am also aware that this would likely be automatable to at least some degree.



    So I thought I would ask the community here if this is actually a viable risk? Have there been any known instances of it happening already? Are people thinking about this with respect to the viability of plaintext credential entry into apps in the long run?






    passwords user-names







    share|improve this question























      up vote
      9
      down vote

      favorite









      up vote
      9
      down vote

      favorite











      I live in a city where CCTV camera coverage is comprehensive and increasing. Cameras are getting cheaper and higher resolution. Everyone has a video camera in their pocket already, and we are starting to see trends which indicate always-on cameras may become commonplace in other devices like glasses.



      It has occurred to me, when out in public and entering my username/password into apps on my phone and laptop, that if a camera could capture both my screen and my keyboard, it could be fairly straightforward for a viewer to grab or guess my credentials from the footage assuming a high enough resolution image and the view not being (too) obscured.



      Without going too much into the details of how it would be implemented, the accuracy and cost etc, I have a background in image processing and so am also aware that this would likely be automatable to at least some degree.



      So I thought I would ask the community here if this is actually a viable risk? Have there been any known instances of it happening already? Are people thinking about this with respect to the viability of plaintext credential entry into apps in the long run?






      passwords user-names







      share|improve this question













      I live in a city where CCTV camera coverage is comprehensive and increasing. Cameras are getting cheaper and higher resolution. Everyone has a video camera in their pocket already, and we are starting to see trends which indicate always-on cameras may become commonplace in other devices like glasses.



      It has occurred to me, when out in public and entering my username/password into apps on my phone and laptop, that if a camera could capture both my screen and my keyboard, it could be fairly straightforward for a viewer to grab or guess my credentials from the footage assuming a high enough resolution image and the view not being (too) obscured.



      Without going too much into the details of how it would be implemented, the accuracy and cost etc, I have a background in image processing and so am also aware that this would likely be automatable to at least some degree.



      So I thought I would ask the community here if this is actually a viable risk? Have there been any known instances of it happening already? Are people thinking about this with respect to the viability of plaintext credential entry into apps in the long run?






      passwords user-names




      passwords user-names






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked 1 hour ago









      davnicwil

      1464




      1464




















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          4
          down vote













          Lots of examples. A high-profile and recent example is when Kanye was caught on camera entering his "00000" password to unlock his device.



          Shoulder-surfing is one reason why applications do not display the password text on the screen, but show ****** instead.



          And this is one reason why multi-factor authentication is so important. If you know the password, you cannot use it without another factor.



          I have even seen viable research into capturing the sound of the keyboard when a user types the password, even over the computer's microphone.



          So, yes, you describe a viable risk that the industry has been addressing for a long time. The specifics of high-res cameras is just not a significant enough of a new factor to consider. Shoulder-surfing and keyloggers are a current risk.



          The industry knows that it needs to develop something better than passwords, and there are many active attempts to do so, but nothing is mature or stable enough yet.






          share|improve this answer


















          • 3




            I would also add that there has been a case where a high-res photo was taken of a finger and used to create a replica fingerprint and used to open the biometrics of a phone. So, yes, cameras are a threat.
            – schroeder♦
            1 hour ago






          • 3




            I think the new factor with cameras is the potential for scale through both wider passive capture and automation
            – davnicwil
            1 hour ago










          • @davnicwil yep, that's a good point too. When designing the camera placement in an office building, we had to perform a number of calculations on the risks of capturing people typing. What I'm saying is that the problem space is far from new.
            – schroeder♦
            48 mins ago










          Your Answer








          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "162"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader:
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          ,
          noCode: true, onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













           

          draft saved


          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f197250%2fis-password-entry-being-recorded-on-camera-a-realistic-concern%23new-answer', 'question_page');

          );

          Post as a guest

















          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          4
          down vote













          Lots of examples. A high-profile and recent example is when Kanye was caught on camera entering his "00000" password to unlock his device.



          Shoulder-surfing is one reason why applications do not display the password text on the screen, but show ****** instead.



          And this is one reason why multi-factor authentication is so important. If you know the password, you cannot use it without another factor.



          I have even seen viable research into capturing the sound of the keyboard when a user types the password, even over the computer's microphone.



          So, yes, you describe a viable risk that the industry has been addressing for a long time. The specifics of high-res cameras is just not a significant enough of a new factor to consider. Shoulder-surfing and keyloggers are a current risk.



          The industry knows that it needs to develop something better than passwords, and there are many active attempts to do so, but nothing is mature or stable enough yet.






          share|improve this answer


















          • 3




            I would also add that there has been a case where a high-res photo was taken of a finger and used to create a replica fingerprint and used to open the biometrics of a phone. So, yes, cameras are a threat.
            – schroeder♦
            1 hour ago






          • 3




            I think the new factor with cameras is the potential for scale through both wider passive capture and automation
            – davnicwil
            1 hour ago










          • @davnicwil yep, that's a good point too. When designing the camera placement in an office building, we had to perform a number of calculations on the risks of capturing people typing. What I'm saying is that the problem space is far from new.
            – schroeder♦
            48 mins ago














          up vote
          4
          down vote













          Lots of examples. A high-profile and recent example is when Kanye was caught on camera entering his "00000" password to unlock his device.



          Shoulder-surfing is one reason why applications do not display the password text on the screen, but show ****** instead.



          And this is one reason why multi-factor authentication is so important. If you know the password, you cannot use it without another factor.



          I have even seen viable research into capturing the sound of the keyboard when a user types the password, even over the computer's microphone.



          So, yes, you describe a viable risk that the industry has been addressing for a long time. The specifics of high-res cameras is just not a significant enough of a new factor to consider. Shoulder-surfing and keyloggers are a current risk.



          The industry knows that it needs to develop something better than passwords, and there are many active attempts to do so, but nothing is mature or stable enough yet.






          share|improve this answer


















          • 3




            I would also add that there has been a case where a high-res photo was taken of a finger and used to create a replica fingerprint and used to open the biometrics of a phone. So, yes, cameras are a threat.
            – schroeder♦
            1 hour ago






          • 3




            I think the new factor with cameras is the potential for scale through both wider passive capture and automation
            – davnicwil
            1 hour ago










          • @davnicwil yep, that's a good point too. When designing the camera placement in an office building, we had to perform a number of calculations on the risks of capturing people typing. What I'm saying is that the problem space is far from new.
            – schroeder♦
            48 mins ago












          up vote
          4
          down vote










          up vote
          4
          down vote









          Lots of examples. A high-profile and recent example is when Kanye was caught on camera entering his "00000" password to unlock his device.



          Shoulder-surfing is one reason why applications do not display the password text on the screen, but show ****** instead.



          And this is one reason why multi-factor authentication is so important. If you know the password, you cannot use it without another factor.



          I have even seen viable research into capturing the sound of the keyboard when a user types the password, even over the computer's microphone.



          So, yes, you describe a viable risk that the industry has been addressing for a long time. The specifics of high-res cameras is just not a significant enough of a new factor to consider. Shoulder-surfing and keyloggers are a current risk.



          The industry knows that it needs to develop something better than passwords, and there are many active attempts to do so, but nothing is mature or stable enough yet.






          share|improve this answer














          Lots of examples. A high-profile and recent example is when Kanye was caught on camera entering his "00000" password to unlock his device.



          Shoulder-surfing is one reason why applications do not display the password text on the screen, but show ****** instead.



          And this is one reason why multi-factor authentication is so important. If you know the password, you cannot use it without another factor.



          I have even seen viable research into capturing the sound of the keyboard when a user types the password, even over the computer's microphone.



          So, yes, you describe a viable risk that the industry has been addressing for a long time. The specifics of high-res cameras is just not a significant enough of a new factor to consider. Shoulder-surfing and keyloggers are a current risk.



          The industry knows that it needs to develop something better than passwords, and there are many active attempts to do so, but nothing is mature or stable enough yet.







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited 1 hour ago

























          answered 1 hour ago









          schroeder♦

          68.7k25145183




          68.7k25145183







          • 3




            I would also add that there has been a case where a high-res photo was taken of a finger and used to create a replica fingerprint and used to open the biometrics of a phone. So, yes, cameras are a threat.
            – schroeder♦
            1 hour ago






          • 3




            I think the new factor with cameras is the potential for scale through both wider passive capture and automation
            – davnicwil
            1 hour ago










          • @davnicwil yep, that's a good point too. When designing the camera placement in an office building, we had to perform a number of calculations on the risks of capturing people typing. What I'm saying is that the problem space is far from new.
            – schroeder♦
            48 mins ago












          • 3




            I would also add that there has been a case where a high-res photo was taken of a finger and used to create a replica fingerprint and used to open the biometrics of a phone. So, yes, cameras are a threat.
            – schroeder♦
            1 hour ago






          • 3




            I think the new factor with cameras is the potential for scale through both wider passive capture and automation
            – davnicwil
            1 hour ago










          • @davnicwil yep, that's a good point too. When designing the camera placement in an office building, we had to perform a number of calculations on the risks of capturing people typing. What I'm saying is that the problem space is far from new.
            – schroeder♦
            48 mins ago







          3




          3




          I would also add that there has been a case where a high-res photo was taken of a finger and used to create a replica fingerprint and used to open the biometrics of a phone. So, yes, cameras are a threat.
          – schroeder♦
          1 hour ago




          I would also add that there has been a case where a high-res photo was taken of a finger and used to create a replica fingerprint and used to open the biometrics of a phone. So, yes, cameras are a threat.
          – schroeder♦
          1 hour ago




          3




          3




          I think the new factor with cameras is the potential for scale through both wider passive capture and automation
          – davnicwil
          1 hour ago




          I think the new factor with cameras is the potential for scale through both wider passive capture and automation
          – davnicwil
          1 hour ago












          @davnicwil yep, that's a good point too. When designing the camera placement in an office building, we had to perform a number of calculations on the risks of capturing people typing. What I'm saying is that the problem space is far from new.
          – schroeder♦
          48 mins ago




          @davnicwil yep, that's a good point too. When designing the camera placement in an office building, we had to perform a number of calculations on the risks of capturing people typing. What I'm saying is that the problem space is far from new.
          – schroeder♦
          48 mins ago

















           

          draft saved


          draft discarded















































           


          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f197250%2fis-password-entry-being-recorded-on-camera-a-realistic-concern%23new-answer', 'question_page');

          );

          Post as a guest
































































          Comments

          Post a Comment

          Popular posts from this blog

          Long meetings (6-7 hours a day): Being “babysat” by supervisor

          Image
          Clash Royale CLAN TAG #URR8PPP .everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0; up vote 31 down vote favorite 4 I hold a PhD in mechanical engineering with a 7 year background in self-guided, self-paced research including 2 years as a graduate level course instructor and a subject matter expert for various engineering projects in a university setting in the United States. For the last 10-11 months, I am working in a research industry in France where my task is to debug C++ spaghetti code written over a period of several years by my current supervisor. It is a team of 2: just I and my supervisor. Diurnally, I am posed with a "bug of the day" to get out of this C++ code. My supervisor generally gives me about 15-30 minutes to solve it and then accosts me about whether or not the task is completed and then rinses and repeats this until the end of the day. Off-late, my supervisor has been holding 6-7 hour long "meetin
          Read more

          What does second last employer means? [closed]

          Image
          Clash Royale CLAN TAG #URR8PPP .everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0; up vote -3 down vote favorite Say, for example I have worked in the following companies, Company A => 2010 - 2011 Company B => 2011 - 2012 Company C => 2012 - Till Date Company D => Have offer Now assume Company D is asking to submit documents from my second last employer. So from the list of companies given, which company would be qualified as second last employer? software-industry employer share | improve this question asked Aug 10 '14 at 5:16 Rajaprabhu Aravindasamy 559 1 6 13 closed as off-topic by Jim G., jmort253 ♦ Aug 11 '14 at 1:58 This question appears to be off-topic. The users who voted to close gave this specific reason: "Questions seeking advice on company-specific regulations, agreements, or policies should be directed to your manager or HR department. Questions that address only
          Read more

          One-line joke

          A one-liner is a joke that is delivered in a single line. A good one-liner is said to be pithy - concise and meaningful. [1] Comedians and actors use this comedic method as part of their act, e.g. Jimmy Carr, Tommy Cooper, Rodney Dangerfield, Norm Macdonald, Ken Dodd, Stewart Francis, Zach Galifianakis, Mitch Hedberg, Anthony Jeselnik, Milton Jones, Shappi Khorsandi, Jay London, Mark Linn-Baker, Demetri Martin, Groucho Marx, Dan Mintz, Emo Philips, Tim Vine, Steven Wright and Henny Youngman and Arnold Schwarzenegger. [ citation needed ] Many fictional characters are also known to deliver one-liners, including James Bond, who usually includes pithy and laconic quips after disposing of a villain. [ citation needed ] Examples "A baby seal walks into a club." "A dyslexic man walks into a bra." (Anonymous) "There are three types of people, those who can count and those who can't." "Venison's dear, isn't it?" (Jimmy Carr) "An escala
          Read more