Researchers at the University of Glasgow have developed a new technology called Thermosecure. The technology uses infrared cameras and AI to accurately guess passwords typed on keyboards and phone screens.
By imaging the heat marks left on the device by the user’s fingers, the system can identify the sequence of key presses to create the password.
Thieves these days steal or watch users enter passwords in public places to access devices, making password guessing an easy way to circumvent all security measures. . ThermoSecure makes it easier for thieves to steal passwords by eliminating the need to remember passwords or record that a victim has entered them.
ThermoSecure’s success rate depends on several factors, including password length, material, and timing.
This technique is most accurate within the first 20 seconds after the password is entered, with an 86% success rate. After 30 seconds it drops to 76% and after 1 minute it drops to 62%. Long passwords reduce the effectiveness of the system, with a 67% success rate for 16-character passwords.
Meanwhile, the success rate increases to 82% for 12-character passwords, 93% for 8-character passwords, and 100% for 6-character passwords.
The effectiveness of ThermoSecure on your keyboard depends on factors such as your typing style and material. Using a 30-second-old thermal signature image, the system can guess a touch typist’s password 80% of the time, and a hunt-and-peck user’s password 92% of the time.
However, the success rate drops to 14% for keyboards made of PBT plastic and around 50% for ABS plastic. Backlit keyboards generate more heat and hide thermal fingerprints, making them safer.
Thermal cameras are easily available to thieves, making ThermoSecure a potential threat to device security.
Although there is no evidence of widespread use of this technology, users are encouraged to avoid entering passwords in public places and use biometric authentication methods whenever possible. The research highlights the need for stronger security measures to protect against guessing passwords and unauthorized access to devices.
