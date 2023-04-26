Man holding laptop computer with both hand.— Pexels

Researchers at the University of Glasgow have developed a new technique called ThermoSecure that uses thermal cameras and AI to guess passwords entered on keyboards or phone screens with high accuracy.

By imaging the heat signatures left by a user's fingers on the device, the system can discern the order of the keys pressed to form a password.

Thieves have recently been stealing or watching users enter their passwords in public places to access their devices, making password guessing a straightforward way to bypass all security measures. ThermoSecure widens the window for thieves to steal passwords since they no longer need to remember the password or record the victim entering it.

The success rate of ThermoSecure varies depending on several factors, including password length, materials, and timing.

The technique's accuracy is highest within the first 20 seconds of the password being entered, with a success rate of 86%. It drops to 76% after 30 seconds and 62% after a minute. Longer passwords decrease the system's effectiveness, with a 16-character password having a success rate of 67%.

Meanwhile, the success rate increases to 82% for a 12-character password, 93% for an eight-character password, and 100% for a six-character password.

ThermoSecure's effectiveness on keyboards depends on factors such as typing style and materials. With a 30-second-old heat signature image, the system can guess a touch typist's password 80% of the time and a hunt-and-peck user's password in 92% of cases.

However, keyboards made of PBT plastics reduce the success rate to 14%, while ABS plastics cut it to around 50%. Backlit keyboards are more secure since they generate more heat, hiding thermal fingerprints.

Thermal cameras are easily available to thieves, making ThermoSecure a potential threat to device security.

Although there is no evidence of the technology being used widely, users are advised to avoid entering passwords in public places and use biometric authentication methods whenever possible. The research demonstrates the need for stronger security measures to protect against password guessing and unauthorised access to devices.