Is password entry being recorded on camera a realistic concern?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
9
down vote

favorite












I live in a city where CCTV camera coverage is comprehensive and increasing. Cameras are getting cheaper and higher resolution. Everyone has a video camera in their pocket already, and we are starting to see trends which indicate always-on cameras may become commonplace in other devices like glasses.



It has occurred to me, when out in public and entering my username/password into apps on my phone and laptop, that if a camera could capture both my screen and my keyboard, it could be fairly straightforward for a viewer to grab or guess my credentials from the footage assuming a high enough resolution image and the view not being (too) obscured.



Without going too much into the details of how it would be implemented, the accuracy and cost etc, I have a background in image processing and so am also aware that this would likely be automatable to at least some degree.



So I thought I would ask the community here if this is actually a viable risk? Have there been any known instances of it happening already? Are people thinking about this with respect to the viability of plaintext credential entry into apps in the long run?






passwords user-names







share|improve this question

























    up vote
    9
    down vote

    favorite












    I live in a city where CCTV camera coverage is comprehensive and increasing. Cameras are getting cheaper and higher resolution. Everyone has a video camera in their pocket already, and we are starting to see trends which indicate always-on cameras may become commonplace in other devices like glasses.



    It has occurred to me, when out in public and entering my username/password into apps on my phone and laptop, that if a camera could capture both my screen and my keyboard, it could be fairly straightforward for a viewer to grab or guess my credentials from the footage assuming a high enough resolution image and the view not being (too) obscured.



    Without going too much into the details of how it would be implemented, the accuracy and cost etc, I have a background in image processing and so am also aware that this would likely be automatable to at least some degree.



    So I thought I would ask the community here if this is actually a viable risk? Have there been any known instances of it happening already? Are people thinking about this with respect to the viability of plaintext credential entry into apps in the long run?






    passwords user-names







    share|improve this question























      up vote
      9
      down vote

      favorite









      up vote
      9
      down vote

      favorite











      I live in a city where CCTV camera coverage is comprehensive and increasing. Cameras are getting cheaper and higher resolution. Everyone has a video camera in their pocket already, and we are starting to see trends which indicate always-on cameras may become commonplace in other devices like glasses.



      It has occurred to me, when out in public and entering my username/password into apps on my phone and laptop, that if a camera could capture both my screen and my keyboard, it could be fairly straightforward for a viewer to grab or guess my credentials from the footage assuming a high enough resolution image and the view not being (too) obscured.



      Without going too much into the details of how it would be implemented, the accuracy and cost etc, I have a background in image processing and so am also aware that this would likely be automatable to at least some degree.



      So I thought I would ask the community here if this is actually a viable risk? Have there been any known instances of it happening already? Are people thinking about this with respect to the viability of plaintext credential entry into apps in the long run?






      passwords user-names







      share|improve this question













      I live in a city where CCTV camera coverage is comprehensive and increasing. Cameras are getting cheaper and higher resolution. Everyone has a video camera in their pocket already, and we are starting to see trends which indicate always-on cameras may become commonplace in other devices like glasses.



      It has occurred to me, when out in public and entering my username/password into apps on my phone and laptop, that if a camera could capture both my screen and my keyboard, it could be fairly straightforward for a viewer to grab or guess my credentials from the footage assuming a high enough resolution image and the view not being (too) obscured.



      Without going too much into the details of how it would be implemented, the accuracy and cost etc, I have a background in image processing and so am also aware that this would likely be automatable to at least some degree.



      So I thought I would ask the community here if this is actually a viable risk? Have there been any known instances of it happening already? Are people thinking about this with respect to the viability of plaintext credential entry into apps in the long run?






      passwords user-names




      passwords user-names






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked 1 hour ago









      davnicwil

      1464




      1464




















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          4
          down vote













          Lots of examples. A high-profile and recent example is when Kanye was caught on camera entering his "00000" password to unlock his device.



          Shoulder-surfing is one reason why applications do not display the password text on the screen, but show ****** instead.



          And this is one reason why multi-factor authentication is so important. If you know the password, you cannot use it without another factor.



          I have even seen viable research into capturing the sound of the keyboard when a user types the password, even over the computer's microphone.



          So, yes, you describe a viable risk that the industry has been addressing for a long time. The specifics of high-res cameras is just not a significant enough of a new factor to consider. Shoulder-surfing and keyloggers are a current risk.



          The industry knows that it needs to develop something better than passwords, and there are many active attempts to do so, but nothing is mature or stable enough yet.






          share|improve this answer


















          • 3




            I would also add that there has been a case where a high-res photo was taken of a finger and used to create a replica fingerprint and used to open the biometrics of a phone. So, yes, cameras are a threat.
            – schroeder♦
            1 hour ago






          • 3




            I think the new factor with cameras is the potential for scale through both wider passive capture and automation
            – davnicwil
            1 hour ago










          • @davnicwil yep, that's a good point too. When designing the camera placement in an office building, we had to perform a number of calculations on the risks of capturing people typing. What I'm saying is that the problem space is far from new.
            – schroeder♦
            48 mins ago










          Your Answer








          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "162"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader:
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          ,
          noCode: true, onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













           

          draft saved


          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f197250%2fis-password-entry-being-recorded-on-camera-a-realistic-concern%23new-answer', 'question_page');

          );

          Post as a guest

















          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          4
          down vote













          Lots of examples. A high-profile and recent example is when Kanye was caught on camera entering his "00000" password to unlock his device.



          Shoulder-surfing is one reason why applications do not display the password text on the screen, but show ****** instead.



          And this is one reason why multi-factor authentication is so important. If you know the password, you cannot use it without another factor.



          I have even seen viable research into capturing the sound of the keyboard when a user types the password, even over the computer's microphone.



          So, yes, you describe a viable risk that the industry has been addressing for a long time. The specifics of high-res cameras is just not a significant enough of a new factor to consider. Shoulder-surfing and keyloggers are a current risk.



          The industry knows that it needs to develop something better than passwords, and there are many active attempts to do so, but nothing is mature or stable enough yet.






          share|improve this answer


















          • 3




            I would also add that there has been a case where a high-res photo was taken of a finger and used to create a replica fingerprint and used to open the biometrics of a phone. So, yes, cameras are a threat.
            – schroeder♦
            1 hour ago






          • 3




            I think the new factor with cameras is the potential for scale through both wider passive capture and automation
            – davnicwil
            1 hour ago










          • @davnicwil yep, that's a good point too. When designing the camera placement in an office building, we had to perform a number of calculations on the risks of capturing people typing. What I'm saying is that the problem space is far from new.
            – schroeder♦
            48 mins ago














          up vote
          4
          down vote













          Lots of examples. A high-profile and recent example is when Kanye was caught on camera entering his "00000" password to unlock his device.



          Shoulder-surfing is one reason why applications do not display the password text on the screen, but show ****** instead.



          And this is one reason why multi-factor authentication is so important. If you know the password, you cannot use it without another factor.



          I have even seen viable research into capturing the sound of the keyboard when a user types the password, even over the computer's microphone.



          So, yes, you describe a viable risk that the industry has been addressing for a long time. The specifics of high-res cameras is just not a significant enough of a new factor to consider. Shoulder-surfing and keyloggers are a current risk.



          The industry knows that it needs to develop something better than passwords, and there are many active attempts to do so, but nothing is mature or stable enough yet.






          share|improve this answer


















          • 3




            I would also add that there has been a case where a high-res photo was taken of a finger and used to create a replica fingerprint and used to open the biometrics of a phone. So, yes, cameras are a threat.
            – schroeder♦
            1 hour ago






          • 3




            I think the new factor with cameras is the potential for scale through both wider passive capture and automation
            – davnicwil
            1 hour ago










          • @davnicwil yep, that's a good point too. When designing the camera placement in an office building, we had to perform a number of calculations on the risks of capturing people typing. What I'm saying is that the problem space is far from new.
            – schroeder♦
            48 mins ago












          up vote
          4
          down vote










          up vote
          4
          down vote









          Lots of examples. A high-profile and recent example is when Kanye was caught on camera entering his "00000" password to unlock his device.



          Shoulder-surfing is one reason why applications do not display the password text on the screen, but show ****** instead.



          And this is one reason why multi-factor authentication is so important. If you know the password, you cannot use it without another factor.



          I have even seen viable research into capturing the sound of the keyboard when a user types the password, even over the computer's microphone.



          So, yes, you describe a viable risk that the industry has been addressing for a long time. The specifics of high-res cameras is just not a significant enough of a new factor to consider. Shoulder-surfing and keyloggers are a current risk.



          The industry knows that it needs to develop something better than passwords, and there are many active attempts to do so, but nothing is mature or stable enough yet.






          share|improve this answer














          Lots of examples. A high-profile and recent example is when Kanye was caught on camera entering his "00000" password to unlock his device.



          Shoulder-surfing is one reason why applications do not display the password text on the screen, but show ****** instead.



          And this is one reason why multi-factor authentication is so important. If you know the password, you cannot use it without another factor.



          I have even seen viable research into capturing the sound of the keyboard when a user types the password, even over the computer's microphone.



          So, yes, you describe a viable risk that the industry has been addressing for a long time. The specifics of high-res cameras is just not a significant enough of a new factor to consider. Shoulder-surfing and keyloggers are a current risk.



          The industry knows that it needs to develop something better than passwords, and there are many active attempts to do so, but nothing is mature or stable enough yet.







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited 1 hour ago

























          answered 1 hour ago









          schroeder♦

          68.7k25145183




          68.7k25145183







          • 3




            I would also add that there has been a case where a high-res photo was taken of a finger and used to create a replica fingerprint and used to open the biometrics of a phone. So, yes, cameras are a threat.
            – schroeder♦
            1 hour ago






          • 3




            I think the new factor with cameras is the potential for scale through both wider passive capture and automation
            – davnicwil
            1 hour ago










          • @davnicwil yep, that's a good point too. When designing the camera placement in an office building, we had to perform a number of calculations on the risks of capturing people typing. What I'm saying is that the problem space is far from new.
            – schroeder♦
            48 mins ago












          • 3




            I would also add that there has been a case where a high-res photo was taken of a finger and used to create a replica fingerprint and used to open the biometrics of a phone. So, yes, cameras are a threat.
            – schroeder♦
            1 hour ago






          • 3




            I think the new factor with cameras is the potential for scale through both wider passive capture and automation
            – davnicwil
            1 hour ago










          • @davnicwil yep, that's a good point too. When designing the camera placement in an office building, we had to perform a number of calculations on the risks of capturing people typing. What I'm saying is that the problem space is far from new.
            – schroeder♦
            48 mins ago







          3




          3




          I would also add that there has been a case where a high-res photo was taken of a finger and used to create a replica fingerprint and used to open the biometrics of a phone. So, yes, cameras are a threat.
          – schroeder♦
          1 hour ago




          I would also add that there has been a case where a high-res photo was taken of a finger and used to create a replica fingerprint and used to open the biometrics of a phone. So, yes, cameras are a threat.
          – schroeder♦
          1 hour ago




          3




          3




          I think the new factor with cameras is the potential for scale through both wider passive capture and automation
          – davnicwil
          1 hour ago




          I think the new factor with cameras is the potential for scale through both wider passive capture and automation
          – davnicwil
          1 hour ago












          @davnicwil yep, that's a good point too. When designing the camera placement in an office building, we had to perform a number of calculations on the risks of capturing people typing. What I'm saying is that the problem space is far from new.
          – schroeder♦
          48 mins ago




          @davnicwil yep, that's a good point too. When designing the camera placement in an office building, we had to perform a number of calculations on the risks of capturing people typing. What I'm saying is that the problem space is far from new.
          – schroeder♦
          48 mins ago

















           

          draft saved


          draft discarded















































           


          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f197250%2fis-password-entry-being-recorded-on-camera-a-realistic-concern%23new-answer', 'question_page');

          );

          Post as a guest
































































          Comments

          Post a Comment

          Popular posts from this blog

          Long meetings (6-7 hours a day): Being “babysat” by supervisor

          Image
          Clash Royale CLAN TAG #URR8PPP .everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0; up vote 31 down vote favorite 4 I hold a PhD in mechanical engineering with a 7 year background in self-guided, self-paced research including 2 years as a graduate level course instructor and a subject matter expert for various engineering projects in a university setting in the United States. For the last 10-11 months, I am working in a research industry in France where my task is to debug C++ spaghetti code written over a period of several years by my current supervisor. It is a team of 2: just I and my supervisor. Diurnally, I am posed with a "bug of the day" to get out of this C++ code. My supervisor generally gives me about 15-30 minutes to solve it and then accosts me about whether or not the task is completed and then rinses and repeats this until the end of the day. Off-late, my supervisor has been holding 6-7 hour long "meetin
          Read more

          Is the Concept of Multiple Fantasy Races Scientifically Flawed? [closed]

          Image
          Clash Royale CLAN TAG #URR8PPP up vote 2 down vote favorite Many fantasy worlds have multiple humanoid species (elves, orcs, humans, etc) living in the same world, in addition to that, they often have the ability to interbreed. And I can't help but question their believability... fantasy-races reproduction interspecies-relations share | improve this question edited Aug 9 at 14:46 Michael Kjörling ♦ 21.1k 10 85 161 asked Aug 9 at 13:13 Chlodio 118 6 closed as unclear what you're asking by MichaelK, Gryphon, John, Vincent, Frostfyre Aug 9 at 15:25 Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it’s hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question. 3 Stack Exchange exist to
          Read more

          Confectionery

          Image
          Prepared foods made with a lot of sugar or other cabohydrates "Sweetmeat" redirects here. For the racehorse, see Sweetmeat (horse). Not to be confused with Sweetbread. This Kransekake is a traditional Scandinavian baker's confection. Confectionery is the art of making confections , which are food items that are rich in sugar and carbohydrates. Exact definitions are difficult. [1] In general, though, confectionery is divided into two broad and somewhat overlapping categories, bakers' confections and sugar confections. [2] Bakers' confectionery, also called flour confections , includes principally sweet pastries, cakes, and similar baked goods. Sugar confectionery includes candies ( sweets in British English), candied nuts, chocolates, chewing gum, bubble gum, pastillage, and other confections that are made primarily of sugar. In some cases, chocolate confections (confections made of chocolate) are treated as a separate category, as are sugar-free versions of
          Read more