Keyboards Exposing Passwords?

I love clicky keyboards - like the old school typewriter where there is that satisfying click with each keypress. I own a few different keyboards as each is slightly different and serves a different purpose. One is for my home desk, another for travel, and a completely different one for when I go to conferences. Why? I like to have pretty things and try to invest in things that make my life easier. My keyboards are different sizes. Some are Bluetooth and others are USB. 


As we went through this journey with advanced threats due to AI, I knew somewhere in the back of my mind that my clicky keyboards were vulnerable. I push each key slightly differently as I have worn keyboards out before and know exactly what keys I press the most. I buy keyboard covers because I hit certain keys more frequently and like to have a nice and clean workspace. I do remember popping off keys to clean crumbs and dust that were blocking my “s” and “d”.


Now, AI can relatively accurately predict typed words and passwords even over video conferencing which is alarming. I was thinking about all of the meetings that I went to yesterday and how many times I typed my password. The good thing is that most of the time I use my password manager to autofill the passwords. There are a few logins where that is not possible and those are the ones that I probably do not want people knowing my passwords.


So, what is the solution? Well, MFA should be the first thing that pops into your head. They can know my password and still not get in without my token or acceptance of another MFA method. Should I get a quieter keyboard - not sure that would really make a difference. It would be interesting if the accuracy went down depending on the keyboard. My laptop probably would be my biggest vulnerability because I cannot control the keyboard. Well…I mean I wonder if I change the type of keyboard I am using like switch to ANISI? Now I really want to conduct my own tests and see how vulnerable my keyboards really are to AI password sound cracking.


I am not worried much about my own passwords. I am worried about the people I get paid to secure their companies' passwords. They spend most of their days on calls and would not really know if someone is talking to them while AI is working towards figuring out what they are typing or passwords. I also am not sure how frequently they are logging in to anything during meetings as I usually am working with IT or Engineering which means logging in systems occurs very frequently.


We all knew there would be more threats with AI and that we all probably need to change how we do things to protect ourselves. Passwords have been on the chopping block for a while now. We went from please use a password to please use a complex password to please use a passphrase. Passwords are no longer recommended to change frequently. Maybe it is time for a new solution.

Comments

Post a Comment

Popular posts from this blog

Understanding Protection (SC)

Understanding Protection (SC) These controls focus on protecting system boundaries, communications, and preventing unauthorized data exposure. Let's break down the key SC controls with examples. SC-1: Policy and Procedures This foundational control requires documented policies and procedures for system and communications protection. Example: SYSTEM AND COMMUNICATIONS PROTECTION POLICY Version: 2.1 Last Updated: 2025-01-02 1. PURPOSE This policy establishes requirements for protecting the organization’s cloud infrastructure and communications. 2. SCOPE Applies to all cloud systems within the authorization boundary. 3. POLICIES 3.1 Encryption Requirements - All data in transit must use TLS 1.2 or higher - All data at rest must use FIPS 140-2 validated encryption - Key rotation required every 365 days 3.2 Network Security - All external connections must traverse a DMZ - Firewall rules follow deny-by-default principle - Monthly review of access control lists 4. PROCEDURES 4.1 Firewall ...
Read more

Security Assessment (SA) Controls

The Security Assessment (SA) family of controls, derived from NIST 800-53 Revision 5, plays a pivotal role in keeping systems secure over time. What Are the Security Assessment (SA) Controls? The SA family of controls focuses on ensuring that security controls are assessed for their effectiveness and are continuously monitored throughout the life of the system. This means checking whether the security measures in place are not only effective but remain effective and up-to-date as time progresses. For FedRAMP Moderate, these controls are crucial because: They ensure security controls are evaluated regularly. They support continuous monitoring for vulnerabilities or weaknesses. They establish corrective actions when necessary. SA-1: Security Assessment and Authorization Policies and Procedures Control Overview SA-1 requires the development of security assessment and authorization (A&A) policies and procedures. These procedures outline the process for conducting security assessm...
Read more

FedRAMP Moderate Rev 5 SI Controls

  In this post, I'll break down each SI control in FedRAMP Moderate Rev 5 and provide tips.   SI-1: System and Information Integrity Policy and Procedures The key to a strong base is well-documented policies and procedures.  For SI-1, organizations must: - Develop and maintain system and information integrity policies that address purpose, scope, roles, and responsibilities - Define procedures for implementing security controls - Review and update these documents at least annually Example:  Create a System and Information Integrity Policy document that includes: - Malware protection requirements with procedures - System monitoring procedures - Software and firmware update processes - Security alert handling processes and procedures - Error handling protocols  SI-2: Flaw Remediation Flaw remediation is key for maintaining system security.  Organizations must: - Identify, report, and correct system flaws promptly - Test software updates before deployment...
Read more