Is password entry being recorded on camera a realistic concern?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
9
down vote

favorite












I live in a city where CCTV camera coverage is comprehensive and increasing. Cameras are getting cheaper and higher resolution. Everyone has a video camera in their pocket already, and we are starting to see trends which indicate always-on cameras may become commonplace in other devices like glasses.



It has occurred to me, when out in public and entering my username/password into apps on my phone and laptop, that if a camera could capture both my screen and my keyboard, it could be fairly straightforward for a viewer to grab or guess my credentials from the footage assuming a high enough resolution image and the view not being (too) obscured.



Without going too much into the details of how it would be implemented, the accuracy and cost etc, I have a background in image processing and so am also aware that this would likely be automatable to at least some degree.



So I thought I would ask the community here if this is actually a viable risk? Have there been any known instances of it happening already? Are people thinking about this with respect to the viability of plaintext credential entry into apps in the long run?










share|improve this question

























    up vote
    9
    down vote

    favorite












    I live in a city where CCTV camera coverage is comprehensive and increasing. Cameras are getting cheaper and higher resolution. Everyone has a video camera in their pocket already, and we are starting to see trends which indicate always-on cameras may become commonplace in other devices like glasses.



    It has occurred to me, when out in public and entering my username/password into apps on my phone and laptop, that if a camera could capture both my screen and my keyboard, it could be fairly straightforward for a viewer to grab or guess my credentials from the footage assuming a high enough resolution image and the view not being (too) obscured.



    Without going too much into the details of how it would be implemented, the accuracy and cost etc, I have a background in image processing and so am also aware that this would likely be automatable to at least some degree.



    So I thought I would ask the community here if this is actually a viable risk? Have there been any known instances of it happening already? Are people thinking about this with respect to the viability of plaintext credential entry into apps in the long run?










    share|improve this question























      up vote
      9
      down vote

      favorite









      up vote
      9
      down vote

      favorite











      I live in a city where CCTV camera coverage is comprehensive and increasing. Cameras are getting cheaper and higher resolution. Everyone has a video camera in their pocket already, and we are starting to see trends which indicate always-on cameras may become commonplace in other devices like glasses.



      It has occurred to me, when out in public and entering my username/password into apps on my phone and laptop, that if a camera could capture both my screen and my keyboard, it could be fairly straightforward for a viewer to grab or guess my credentials from the footage assuming a high enough resolution image and the view not being (too) obscured.



      Without going too much into the details of how it would be implemented, the accuracy and cost etc, I have a background in image processing and so am also aware that this would likely be automatable to at least some degree.



      So I thought I would ask the community here if this is actually a viable risk? Have there been any known instances of it happening already? Are people thinking about this with respect to the viability of plaintext credential entry into apps in the long run?










      share|improve this question













      I live in a city where CCTV camera coverage is comprehensive and increasing. Cameras are getting cheaper and higher resolution. Everyone has a video camera in their pocket already, and we are starting to see trends which indicate always-on cameras may become commonplace in other devices like glasses.



      It has occurred to me, when out in public and entering my username/password into apps on my phone and laptop, that if a camera could capture both my screen and my keyboard, it could be fairly straightforward for a viewer to grab or guess my credentials from the footage assuming a high enough resolution image and the view not being (too) obscured.



      Without going too much into the details of how it would be implemented, the accuracy and cost etc, I have a background in image processing and so am also aware that this would likely be automatable to at least some degree.



      So I thought I would ask the community here if this is actually a viable risk? Have there been any known instances of it happening already? Are people thinking about this with respect to the viability of plaintext credential entry into apps in the long run?







      passwords user-names






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked 1 hour ago









      davnicwil

      1464




      1464




















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          4
          down vote













          Lots of examples. A high-profile and recent example is when Kanye was caught on camera entering his "00000" password to unlock his device.



          Shoulder-surfing is one reason why applications do not display the password text on the screen, but show ****** instead.



          And this is one reason why multi-factor authentication is so important. If you know the password, you cannot use it without another factor.



          I have even seen viable research into capturing the sound of the keyboard when a user types the password, even over the computer's microphone.



          So, yes, you describe a viable risk that the industry has been addressing for a long time. The specifics of high-res cameras is just not a significant enough of a new factor to consider. Shoulder-surfing and keyloggers are a current risk.



          The industry knows that it needs to develop something better than passwords, and there are many active attempts to do so, but nothing is mature or stable enough yet.






          share|improve this answer


















          • 3




            I would also add that there has been a case where a high-res photo was taken of a finger and used to create a replica fingerprint and used to open the biometrics of a phone. So, yes, cameras are a threat.
            – schroeder♦
            1 hour ago






          • 3




            I think the new factor with cameras is the potential for scale through both wider passive capture and automation
            – davnicwil
            1 hour ago










          • @davnicwil yep, that's a good point too. When designing the camera placement in an office building, we had to perform a number of calculations on the risks of capturing people typing. What I'm saying is that the problem space is far from new.
            – schroeder♦
            48 mins ago










          Your Answer








          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "162"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader:
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          ,
          noCode: true, onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













           

          draft saved


          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f197250%2fis-password-entry-being-recorded-on-camera-a-realistic-concern%23new-answer', 'question_page');

          );

          Post as a guest






























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          4
          down vote













          Lots of examples. A high-profile and recent example is when Kanye was caught on camera entering his "00000" password to unlock his device.



          Shoulder-surfing is one reason why applications do not display the password text on the screen, but show ****** instead.



          And this is one reason why multi-factor authentication is so important. If you know the password, you cannot use it without another factor.



          I have even seen viable research into capturing the sound of the keyboard when a user types the password, even over the computer's microphone.



          So, yes, you describe a viable risk that the industry has been addressing for a long time. The specifics of high-res cameras is just not a significant enough of a new factor to consider. Shoulder-surfing and keyloggers are a current risk.



          The industry knows that it needs to develop something better than passwords, and there are many active attempts to do so, but nothing is mature or stable enough yet.






          share|improve this answer


















          • 3




            I would also add that there has been a case where a high-res photo was taken of a finger and used to create a replica fingerprint and used to open the biometrics of a phone. So, yes, cameras are a threat.
            – schroeder♦
            1 hour ago






          • 3




            I think the new factor with cameras is the potential for scale through both wider passive capture and automation
            – davnicwil
            1 hour ago










          • @davnicwil yep, that's a good point too. When designing the camera placement in an office building, we had to perform a number of calculations on the risks of capturing people typing. What I'm saying is that the problem space is far from new.
            – schroeder♦
            48 mins ago














          up vote
          4
          down vote













          Lots of examples. A high-profile and recent example is when Kanye was caught on camera entering his "00000" password to unlock his device.



          Shoulder-surfing is one reason why applications do not display the password text on the screen, but show ****** instead.



          And this is one reason why multi-factor authentication is so important. If you know the password, you cannot use it without another factor.



          I have even seen viable research into capturing the sound of the keyboard when a user types the password, even over the computer's microphone.



          So, yes, you describe a viable risk that the industry has been addressing for a long time. The specifics of high-res cameras is just not a significant enough of a new factor to consider. Shoulder-surfing and keyloggers are a current risk.



          The industry knows that it needs to develop something better than passwords, and there are many active attempts to do so, but nothing is mature or stable enough yet.






          share|improve this answer


















          • 3




            I would also add that there has been a case where a high-res photo was taken of a finger and used to create a replica fingerprint and used to open the biometrics of a phone. So, yes, cameras are a threat.
            – schroeder♦
            1 hour ago






          • 3




            I think the new factor with cameras is the potential for scale through both wider passive capture and automation
            – davnicwil
            1 hour ago










          • @davnicwil yep, that's a good point too. When designing the camera placement in an office building, we had to perform a number of calculations on the risks of capturing people typing. What I'm saying is that the problem space is far from new.
            – schroeder♦
            48 mins ago












          up vote
          4
          down vote










          up vote
          4
          down vote









          Lots of examples. A high-profile and recent example is when Kanye was caught on camera entering his "00000" password to unlock his device.



          Shoulder-surfing is one reason why applications do not display the password text on the screen, but show ****** instead.



          And this is one reason why multi-factor authentication is so important. If you know the password, you cannot use it without another factor.



          I have even seen viable research into capturing the sound of the keyboard when a user types the password, even over the computer's microphone.



          So, yes, you describe a viable risk that the industry has been addressing for a long time. The specifics of high-res cameras is just not a significant enough of a new factor to consider. Shoulder-surfing and keyloggers are a current risk.



          The industry knows that it needs to develop something better than passwords, and there are many active attempts to do so, but nothing is mature or stable enough yet.






          share|improve this answer














          Lots of examples. A high-profile and recent example is when Kanye was caught on camera entering his "00000" password to unlock his device.



          Shoulder-surfing is one reason why applications do not display the password text on the screen, but show ****** instead.



          And this is one reason why multi-factor authentication is so important. If you know the password, you cannot use it without another factor.



          I have even seen viable research into capturing the sound of the keyboard when a user types the password, even over the computer's microphone.



          So, yes, you describe a viable risk that the industry has been addressing for a long time. The specifics of high-res cameras is just not a significant enough of a new factor to consider. Shoulder-surfing and keyloggers are a current risk.



          The industry knows that it needs to develop something better than passwords, and there are many active attempts to do so, but nothing is mature or stable enough yet.







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited 1 hour ago

























          answered 1 hour ago









          schroeder♦

          68.7k25145183




          68.7k25145183







          • 3




            I would also add that there has been a case where a high-res photo was taken of a finger and used to create a replica fingerprint and used to open the biometrics of a phone. So, yes, cameras are a threat.
            – schroeder♦
            1 hour ago






          • 3




            I think the new factor with cameras is the potential for scale through both wider passive capture and automation
            – davnicwil
            1 hour ago










          • @davnicwil yep, that's a good point too. When designing the camera placement in an office building, we had to perform a number of calculations on the risks of capturing people typing. What I'm saying is that the problem space is far from new.
            – schroeder♦
            48 mins ago












          • 3




            I would also add that there has been a case where a high-res photo was taken of a finger and used to create a replica fingerprint and used to open the biometrics of a phone. So, yes, cameras are a threat.
            – schroeder♦
            1 hour ago






          • 3




            I think the new factor with cameras is the potential for scale through both wider passive capture and automation
            – davnicwil
            1 hour ago










          • @davnicwil yep, that's a good point too. When designing the camera placement in an office building, we had to perform a number of calculations on the risks of capturing people typing. What I'm saying is that the problem space is far from new.
            – schroeder♦
            48 mins ago







          3




          3




          I would also add that there has been a case where a high-res photo was taken of a finger and used to create a replica fingerprint and used to open the biometrics of a phone. So, yes, cameras are a threat.
          – schroeder♦
          1 hour ago




          I would also add that there has been a case where a high-res photo was taken of a finger and used to create a replica fingerprint and used to open the biometrics of a phone. So, yes, cameras are a threat.
          – schroeder♦
          1 hour ago




          3




          3




          I think the new factor with cameras is the potential for scale through both wider passive capture and automation
          – davnicwil
          1 hour ago




          I think the new factor with cameras is the potential for scale through both wider passive capture and automation
          – davnicwil
          1 hour ago












          @davnicwil yep, that's a good point too. When designing the camera placement in an office building, we had to perform a number of calculations on the risks of capturing people typing. What I'm saying is that the problem space is far from new.
          – schroeder♦
          48 mins ago




          @davnicwil yep, that's a good point too. When designing the camera placement in an office building, we had to perform a number of calculations on the risks of capturing people typing. What I'm saying is that the problem space is far from new.
          – schroeder♦
          48 mins ago

















           

          draft saved


          draft discarded















































           


          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f197250%2fis-password-entry-being-recorded-on-camera-a-realistic-concern%23new-answer', 'question_page');

          );

          Post as a guest













































































          Comments

          Popular posts from this blog

          What does second last employer means? [closed]

          Installing NextGIS Connect into QGIS 3?

          One-line joke