If you’re still resisting the urge to get rid of your typed passwords for safer options like biometrics or passkeys, this new research might spring you in action.
AI researchers have created a system that can identify passwords, just by the sound of the clacks on your computer keyboard.
Galaxy Watch 6 deal has all the freebies
Get a Galaxy Watch 6, a free strap and a £50 gift code at Currys
- Currys
- FREE STUFF!
- £289
The researchers recorded the sound of the keys being tapped passed them through a bespoke machine learning algorithm. It was able to decipher correct passwords with more than 90% accuracy. This was for 36-key passcodes, which were typed 25 times straight. Participants in the study also used different fingers and pressure each time.
“I can only see the accuracy of such models, and such attacks, increasing,” said study co-author Dr Ehsan, worryingly (via Guardian).
The researchers at the University of Surrey fed the recordings into the machine learning algorithm which began to recognise the acoustic signature of each keystroke. The algorithm was able to pick up louder sounds from keys closer to the microphone, which offered greater clues.
And the results were emphatic. When recorded over a Zoom call, the AI guessed the correct password with 93% accuracy. It was even better when the keystrokes were recorded using a smartphone microphone next to the keyboard.
So in the doomsday example, if you’re on a Zoom call and you’re typing away and logging into accounts, it’s hypothetically possible for the recording to reveal your password to the offending party.
The researchers wrote: “With recent developments in deep learning, the ubiquity of micro-phones and the rise in online services via personal devices, acoustic side channel attacks present a greater threat to keyboards than ever. This paper presents a practical implementation of a state-of-the-art deep learning model in order to classify laptop keystrokes, using a smartphone integrated microphone. When trained on keystrokes recorded by a nearby phone, the classifier achieved an accuracy of 95%, the highest accuracy seen without the use of a language model.”
You might like…
Editorial independence
Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.
Professional conduct
We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.
Editorial independence
Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.
Professional conduct
We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.
