If you’re still resisting the urge to get rid of your typed passwords for safer options like biometrics or passkeys, this new research might spring you in action.
AI researchers have created a system that can identify passwords, just by the sound of the clacks on your computer keyboard.
Galaxy Watch 6 deal has all the freebies
Get a Galaxy Watch 6, a free strap and a £50 gift code at Currys
The tool records the sound of the keys being tapped and run through a bespoke machine learning algorithm and was able to decipher passwords with more than 90% accuracy. This was for 36-key passcodes which were typed 25 times straight. Participants in the study also used different fingers and pressure each time.
“I can only see the accuracy of such models, and such attacks, increasing,” said study co-author Dr Ehsan, worryingly (via Guardian).
The researchers at the University of Surrey fed the recordings into the machine learning algorithm which began to recognise the acoustic signature of each keystroke. The algorithm was able to pick up louder sounds from keys closer to the microphone, which offered greater clues.
The results, though, were emphatic. When recorded over a Zoom call, the AI guessed the correct password with 93% accuracy. It was even better when the keystrokes were recorded using a microphone next to the keyboard.
So in the doomsday example, if you’re on a Zoom call and you’re typing away and logging into accounts it’s hypothetically possible for the recording to reveal your password to the offending party.
The researchers wrote: “With recent developments in deep learning, the ubiquity of micro-phones and the rise in online services via personal devices, acoustic side channel attacks present a greater threat to keyboards than ever. This paper presents a practical implementation of a state-of-the-art deep learning model in order to classify laptop keystrokes, using a smartphone integrated microphone. When trained on keystrokes recorded by a nearby phone, the classifier achieved an accuracy of 95%, the highest accuracy seen without the use of a language model.”