I've heard #cybersecurity experts often say that passwords are more secure than #biometrics, one of the reasons being that you can change your #passwords if it ever gets leaked but you can't change your biometrics. However one of the major downsides of using a password/pin for your lockscreen is that someone could simply look over your sholder to figure out your #password. These so called over-the-shoulder attacks are more common than you may think and the presence of #surveillance cameras everywhere makes the situation worse because now you could be recorded typing in your password!
So because of all these reasons I had mixed feelings about using a password/pin and tent to use biometrics whenever possible. But my opinion about passwords changed entirely after watching this 9 year old video on YouTube showing how to use the "picture password" feature on a #BlackBerry device -
The ingenuity of this system not only prevents over-the-shoulder attacks but is also fast & easy to use! I'm actually quite surprised that this never caught on to other devices because it really seems like a smart and easy solution to a common problem. Thanks to @Surveillance Report for mentioning this on your #podcast or else I would've never known about this technique.
#PicturePassword #SurveillanceReport #Security #OverTheShoulderAttack
like this
Roma likes this.
reshared this
Rokosun, Surveillance Report, Zohan 🇨🇦🔐, Jolan Blood, Okay...okay :linuxmint: and bout10bucks 🐧 reshared this.
Nils
in reply to Rokosun • • •And depending on where you live, the police might be able to force you to give them your fingerprints, but not a password.
But I fully agree that scrambled PIN pads should be more common, that helps a lot against someone just glancing over.
starbug: Ich sehe, also bin ich ... Du (english translation)
YouTubeRokosun likes this.
BB
in reply to Nils • • •P.S. I very much agree that it comes down to your own personal threat model. E.g. I haven't bothered having a password lock on my phone since the dawn of smart phones, and very grateful for all the time and hassle that saves me. But then I hardly ever use a phone, and don't have anything critical like email connected to it, so the risks involved are rather less that for most people
Rokosun likes this.
BB
in reply to Rokosun • • •Rokosun likes this.
LisPi
in reply to Rokosun • • •It seems only somewhat more secure than gesture unlock.
It might trip-up video analyzis or surveillance unfamiliar with it, but two captures seem like enough to have a very high probability of identifying the commonality. Depending on user behavior, a single observation could be enough.
The best option, I think, would be some HMD as the sole active display.
Rokosun likes this.
dieTasse
in reply to Rokosun • • •I wonder though, how many videos would be enough to crack your number and location down. Maybe even as low as two, if you overlap the pictures and see where are the numbers right before unlocking...
Rokosun likes this.
Rokosun
in reply to dieTasse • •@dieTasse @Surveillance Report
Yeah if you got recorded on video and there are multiple instances of it then you might be doomed. Randomly spacing the numbers each time could make it harder maybe, but IDK..... It's not perfect for sure.....
Scorpion8741
in reply to Rokosun • • •The AOSP-based custom OS GrapheneOS has PIN scrambling, which makes these attacks a bit harder and also improved fingerprint unlock security.
Highly recommend looking into the project because it has many amazing security features on top of AOSP, and is one of the few custom OSes with actual security researchers developing significant improvements.
https://grapheneos.org/features
GrapheneOS features overview
GrapheneOSRokosun likes this.
Rokosun
in reply to Scorpion8741 • •@Scorpion8741 @Surveillance Report
I'm aware of GrapheneOS, and I'd definitely try it out if I can get my hands on a pixel 🙃
Surveillance Report
in reply to Rokosun • • •Rokosun likes this.