Shoulder surfing (computer security)

In computer security, shoulder surfing refers to using direct observation techniques, such as looking over someone's shoulder, to get information. Shoulder surfing is particularly effective in crowded places because it's relatively easy to observe someone as they:
* fill out a form
* enter their PIN at an automated teller machine or a POS Terminal
* use a calling card at a public pay phone
* enter passwords at a cybercafe, a public or university library, or an airport kiosk
* enter a digit code for a rented locker in a public place such as a swimming pool or airport

Shoulder surfing can also be done at a distance using binoculars or other vision-enhancing devices. Inexpensive, miniature closed-circuit television cameras can be concealed in ceilings, walls or fixtures to observe data entry. To prevent shoulder surfing, it is advised to shield paperwork or the keypad from view by using one's body or cupping one's hand.

Recent automated teller machines now have a sophisticated display which discourages shoulder surfers. It grows darker beyond a certain viewing angle, and the only way to tell what is displayed on the screen is to stand directly in front of it.

Certain models of credit card readers have a recessed keypad and employ a rubber shield that surrounds a significant part of the opening towards the keypad. This makes shoulder surfing significantly harder, as the keypad can be seen only from a much more direct angle than on previous models. Taken further, some keypads alter the physical location of the keys after each keypress. For example, the digit 1 may be at the upper left on the first press, then move to the bottom right for the second. Also, security cameras are not allowed to be placed directly above an ATM.
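The key-relocating keypad described above, sketched as an added example (not code from the original article or from any keypad vendor). The class and function names are hypothetical, and the model assumes an observer who sees which positions are touched but cannot read the key labels.

```python
import secrets

DIGITS = "0123456789"

def new_layout():
    """Random permutation of the digits; list index = physical key position."""
    keys = list(DIGITS)
    for i in range(len(keys) - 1, 0, -1):  # Fisher-Yates with the OS CSPRNG
        j = secrets.randbelow(i + 1)
        keys[i], keys[j] = keys[j], keys[i]
    return keys

class ScramblingKeypad:
    """Hypothetical PIN pad that moves every key after each press."""
    def __init__(self):
        self.layout = new_layout()
        self.entered = []

    def press(self, position):
        if not 0 <= position < len(self.layout):
            raise ValueError("no key at that position")
        self.entered.append(self.layout[position])
        self.layout = new_layout()  # relocate keys before the next press

    def pin(self):
        return "".join(self.entered)

def enter_pin(pad, pin):
    """Legitimate user reads the labels; returns the positions they touched."""
    touched = []
    for digit in pin:
        pos = pad.layout.index(digit)
        touched.append(pos)
        pad.press(pos)
    return touched

def replay_positions(positions):
    """Digits produced when the same positions are pressed in a new session."""
    pad = ScramblingKeypad()
    for pos in positions:
        pad.press(pos)
    return pad.pin()

if __name__ == "__main__":
    pad = ScramblingKeypad()
    touched = enter_pin(pad, "4071")  # constructed sample PIN
    print("positions touched:", touched, "-> pad read", pad.pin())
    print("same positions replayed:", replay_positions(touched))
```

Scrambling only defeats observation of finger positions; an observer with a clear view of the key labels still reads the digits, so the recessed keypad and shield remain necessary.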

POS terminals, often found in shops, supermarkets and petrol stations, are more difficult to use in a way that prevents shoulder surfing, as they are often located in plain view on counters. It is good practice to shield the keypad with one hand while entering digits with the other.

One example of shoulder surfing involves rented public lockers: some people may choose a four-digit PIN code that is the same as the one for their credit or bank access card. A thief who obtains the locker code by shoulder surfing could then access the locker, take the credit or bank access card, and use it until the card account is blocked.


Wikimedia Foundation. 2010.
