Use a strong password, you’ve been told! One that combines lowercase, uppercase, numbers, symbols, and space. The password should be at least eight characters to make it super strong for would-be hackers to guess.
The problem with strong passwords is that they are a problem by themselves. The immediate problem is remembering such a complex password; that weird text string proves really hard for the average person to remember. However, you can always have a password manager to do the remembering for you, provided you give it (the password manager) a strong password, but one you will not easily forget.
So you got your password manager, managing all the strong passwords across your various multiple online accounts. So you are safe, right? Wrong!
It turns out hackers can read off your keypress from your keyboard by the heat your fingers leave behind. Spooky huh?! That is according to a new study by researchers at the University of California, Irvine.
While speaking to Bleeping Computer, Prof Gene Tsudik who was also working on the study, said: “It’s a new attack that allows someone with a mid-range thermal camera to capture keys pressed on a normal keyboard, up to one minute after the victim enters them.
If you type your password and walk or step away, someone can learn a lot about it after-the-fact.”
For the hack to work, the would-be hacker needs to place a thermal camera in clear view of the target’s keyboard. He can then play back the footage to decode the exact keys pressed by the victim.
During the researchers’ trials, they had 31 participants use four types of keyboards to enter their passwords. Then, they asked some eight people (not experts) to derive the keys pressed by the participants from the footage taken by the thermal camera.
The result showed that the thermal data recorded up to 30 seconds later were good enough to clearly make out the keys pressed and accurately determine the user’s password. The researchers hope that their finding could be used to close this loophole by encouraging OEMs to produce keyboards that do not leave heat-signature of the fingers during typing.
