Observation is one of the principal means of compromise of authentication methods relying on secret information such as PINs and login/password combinations. Attackers can gather this information via observation, either from without by methods such as shoulder surfing and camera-based ATM skimmers, or from within by methods such as keystroke loggers and button-overlay-based ATM skimmers. Though these vulnerabilities of PIN/password based authentication mechanisms are well known, they have been difficult to correct due to the prevalence and general acceptance of such systems -- they are used in essentially all ATMs, mobile device locking mechanisms, and most web-based authentication schemes. It is difficult to avoid at least the occasional use of untrusted public terminals and devices and the unlocking of one's mobile device in public. We therefore present our research into devices and techniques for mitigating the threat of credential compromise when doing so. These include haptic and auditory mechanisms for password entry into public terminals, mobile device tools for turning one's mobile device into an observation-resistant password entry system, and strategies and tools for secure password entry in the presence of keyloggers and other input recording devices. These techniques can successfully evade observation even when one does not have administrative control of the terminal, as in the case of internet cafe computers and public ATMs.
Zoz is a robotics interface designer and rapid prototyping specialist. He is co-founder of Cannytrophic Design in Boston and CTO of BlueSky in San Francisco. He is a visiting professor at KAIST in Korea. He is best known for the Discovery Channel shows 'Prototype This!' and 'Time Warp', and for faking a crop circle.
Andrea Bianchi is an interface inventor and designer. He is the director of the DALSMA (Digital Architecture and Large Scale Media Art) conference and is currently completing his PhD in Culture Technology at KAIST in Korea. He owns 19 pairs of glasses.