Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

AI is coming for your passwords by recording keyboard sounds

If you’re still resisting the urge to get rid of your typed passwords for safer options like biometrics or passkeys, this new research might spring you in action.

AI researchers have created a system that can identify passwords, just by the sound of the clacks on your computer keyboard.

Galaxy Watch 6 deal has all the freebies

Galaxy Watch 6 deal has all the freebies

Get a Galaxy Watch 6, a free strap and a £50 gift code at Currys

  • Currys
  • £289
View Deal

The researchers recorded the sound of the keys being tapped passed them through a bespoke machine learning algorithm. It was able to decipher correct passwords with more than 90% accuracy. This was for 36-key passcodes, which were typed 25 times straight. Participants in the study also used different fingers and pressure each time.

“I can only see the accuracy of such models, and such attacks, increasing,” said study co-author Dr Ehsan, worryingly (via Guardian).

The researchers at the University of Surrey fed the recordings into the machine learning algorithm which began to recognise the acoustic signature of each keystroke. The algorithm was able to pick up louder sounds from keys closer to the microphone, which offered greater clues.

And the results were emphatic. When recorded over a Zoom call, the AI guessed the correct password with 93% accuracy. It was even better when the keystrokes were recorded using a smartphone microphone next to the keyboard.

So in the doomsday example, if you’re on a Zoom call and you’re typing away and logging into accounts, it’s hypothetically possible for the recording to reveal your password to the offending party.

The researchers wrote: “With recent developments in deep learning, the ubiquity of micro-phones and the rise in online services via personal devices, acoustic side channel attacks present a greater threat to keyboards than ever. This paper presents a practical implementation of a state-of-the-art deep learning model in order to classify laptop keystrokes, using a smartphone integrated microphone. When trained on keystrokes recorded by a nearby phone, the classifier achieved an accuracy of 95%, the highest accuracy seen without the use of a language model.”

Why trust our journalism?

Founded in 2003, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have millions of users a month from around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.