Dummy Cursors Keep Your Passwords Safe

HardOCP News

Get a load of this password protection system. I think I like the circle idea best, the other one just looks like a swarm of bees. ;)
 
Why would you use a mouse cursor to punch in a numerical password on a big fucking keypad with a computer screen in the first place?
 
Or... you can just get a privacy screen. Or better yet, type in your password using both your hands instead of one finger and few are likely to be able to follow your fingers anyhow.
 
It was hard to figure out which cursor was the real one. If you're trying to get people to stop looking over your shoulder, then maybe virtual glasses may be a good idea. Won't stop screen captures or keyloggers, but good web surfing practice would easily prevent this.

 
Given that they're worried about screen caps and key loggers, a video recorder would be able to determine which cursor was real.

The "fake" cursors must move to either a semi-random or algorithmic pattern. The real cursor's movement is unconstrained.
 
Pfft.

Ernie: My passwords are safe, thanks to these 20 other cursors!
Burt: Google Glass, enhance picture. Stop. Now zoom in on the reflect, center....stop. Enhance. Stop. Record video entry.


Yea, something like that.
 
Given that they're worried about screen caps and key loggers, a video recorder would be able to determine which cursor was real.

The "fake" cursors must move to either a semi-random or algorithmic pattern. The real cursor's movement is unconstrained.
Yep. Even if one couldn't determine the algorithm governing the fake cursors' behavior, the user would have to be trained to "swirl" the real cursor around, clicking when the cursor passes over the right numbers. Otherwise, the real cursor will be discernible because it will be making purposeful movements (and they'd become more obviously purposeful with repetition) from button to button.

Far better to use passwords entered by keyboard - hopefully with the option to have passwords up to as many as 100 characters - and then add further security by randomizing the number of asterisks generated with each keypress so that an observer won't even be able to figure out how many real characters make up the password. Hunters/peckers will still be at increased risk but it puts the user's whole body between a human observer and the keyboard, and it limits significantly the useful angles for remote observation.
 
Far better to use passwords entered by keyboard - hopefully with the option to have passwords up to as many as 100 characters - and then add further security by randomizing the number of asterisks generated with each keypress so that an observer won't even be able to figure out how many real characters make up the password.

Complex passwords don't mean a damn thing when it comes to key-loggers. Although software could keep track of the cursor's position when the mouse button clicks anyways...

Eh, Yubikey FTW.
 
Complex passwords don't mean a damn thing when it comes to key-loggers. Although software could keep track of the cursor's position when the mouse button clicks anyways...

Eh, Yubikey FTW.
True, but I was addressing only the visual aspect which, as you note, is all that the subject software addresses. One shouldn't install keyloggers in the first place, of course. ;)
 
True, but I was addressing only the visual aspect which, as you note, is all that the subject software addresses. One shouldn't install keyloggers in the first place, of course. ;)

On-screen keyboards are commonly used to circumvent key-loggers... this software would serve the same purpose while lessening the risk of observers finding your password.

I'll be sure to tell thieves that they shouldn't install keyloggers on fellow employees'/people's machines :p
 
Pretty common defense against key loggers.

In Ragnarok Online, the keypad numbers even move around so even a packet sniffer wouldn't be able to get the password.

Keyloggers are rampant in internet cafes even with the owner doing nightly restores.
 
Even in that video I was starting to see patterns. I got the last three digits, 825, entered at one minute. That was with 15 cursors, that guy trying to be sneaky, and me having never seen the tech before.

Get someone who is better at recognizing patterns than I am, give them a little time, and pretty soon they'll spot the real cursor every time. Like this guy: http://www.youtube.com/watch?v=UN0LvFZMKq8

Still, better than Apple making me enter my password to install an app when it's totally obvious to anyone watching what I'm putting in. Can't install anything in a public place.
 
Given that they're worried about screen caps and key loggers, a video recorder would be able to determine which cursor was real.

The "fake" cursors must move to either a semi-random or algorithmic pattern. The real cursor's movement is unconstrained.
You could have some of the fake cursors mimic the real cursor but turned 90 degrees or mirrored for a short period of time. You could also have some fake cursors intersect the real and other fake cursors so that the cursors are perfectly merged. Then have them diverge slowly from each other, making following a specific cursor a nightmare.
 
Why would you use a mouse cursor to punch in a numerical password on a big fucking keypad with a computer screen in the first place?

Keyloggers.

You randomize the order of the numbers and the position on the screen. So if they record mouse movements, they have recorded nothing useful. Then you do it all on screen with the mouse so you can't log keystrokes.

Do you not have online banking? Do they not do something like this, or give you one time use password tokens? If they don't, you might want to bank elsewhere.
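The randomized on-screen keypad described in the post above, as an added sketch that is not part of the thread or of any bank's code; the 3x4 grid, the 60-pixel cells and all function names are assumptions. It shows that click coordinates logged in one session do not give back the PIN when replayed against another session's layout, while the same coordinates combined with a capture of that session's screen still do, which is the screen-capture limit raised earlier in the thread.

```python
import secrets

# Constructed keypad geometry (assumption): 3 columns x 4 rows of 60px cells.
COLS, ROWS, CELL = 3, 4, 60


def new_layout(rng=None):
    """Return one session's keypad: digits 0-9 plus two blank cells, shuffled."""
    rng = rng or secrets.SystemRandom()  # OS CSPRNG, not the default Mersenne Twister
    cells = list("0123456789") + [None, None]
    rng.shuffle(cells)
    return cells


def digit_at(layout, x, y):
    """Hit test: which label sits under pixel (x, y) in this session's layout."""
    col, row = x // CELL, y // CELL
    if not (0 <= col < COLS and 0 <= row < ROWS):
        return None  # click landed outside the keypad
    return layout[row * COLS + col]


def clicks_for(layout, pin):
    """What the user does: click the centre of the cell showing each digit."""
    clicks = []
    for digit in pin:
        i = layout.index(digit)
        clicks.append(((i % COLS) * CELL + CELL // 2,
                       (i // COLS) * CELL + CELL // 2))
    return clicks


def replay(logged_clicks, layout):
    """What logged coordinates decode to against a given layout."""
    return [digit_at(layout, x, y) for x, y in logged_clicks]


if __name__ == "__main__":
    pin = "825"                       # constructed sample PIN
    session = new_layout()
    logged = clicks_for(session, pin)  # all a mouse logger records
    print("clicks only, later session:", replay(logged, new_layout()))
    print("clicks + capture of session:", replay(logged, session))
```
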
 