Ask Lemmy
A Fediverse community for open-ended, thought provoking questions
Rules: (interactive)
1) Be nice and; have fun
Doxxing, trolling, sealioning, racism, and toxicity are not welcomed in AskLemmy. Remember what your mother said: if you can't say something nice, don't say anything at all. In addition, the site-wide Lemmy.world terms of service also apply here. Please familiarize yourself with them
2) All posts must end with a '?'
This is sort of like Jeopardy. Please phrase all post titles in the form of a proper question ending with ?
3) No spam
Please do not flood the community with nonsense. Actual suspected spammers will be banned on site. No astroturfing.
4) NSFW is okay, within reason
Just remember to tag posts with either a content warning or a [NSFW] tag. Overtly sexual posts are not allowed, please direct them to either !asklemmyafterdark@lemmy.world or !asklemmynsfw@lemmynsfw.com.
NSFW comments should be restricted to posts tagged [NSFW].
5) This is not a support community.
It is not a place for 'how do I?', type questions.
If you have any questions regarding the site itself or would like to report a community, please direct them to Lemmy.world Support or email info@lemmy.world. For other questions check our partnered communities list, or use the search function.
6) No US Politics.
Please don't post about current US Politics. If you need to do this, try !politicaldiscussion@lemmy.world or !askusa@discuss.online
Reminder: The terms of service apply here too.
Partnered Communities:
Logo design credit goes to: tubbadu
This, 1000% this.
If looking at finger prints worked, it would legit be a way lower risk, cleaner way of stealing people's information than kidnapping. It's not at all comparable to over-the-top key size.
Lmao
I’ve never heard of that being used to steal a password—for one thing, it wouldn’t reveal the order in which you pressed the keys, so it would still leave n! possibilities (24 possibilities for a 4-digit pin, or 40,320 for an 8-letter password). And in any case, if someone were to examine the keys afterward, it’s more likely they could see which keys you wiped if you just wiped the ones you used (and if you wiped all of them, it would make it easier to steal the password of the next user).
The bigger thing to worry about is a hidden camera recording your key presses—and to counter that, I position my fingers over all the keys I’ll use and then move all my fingers with each press, so it’s harder to see which key was actually pressed.
I think the concern is overblown. The time it would take to try possible combinations would look very suspicious, at least at the ATMs which are embedded into actual banks in my area.
With that said, I pretend to press a few random keys whenever I use my debit card pin.
Keylogging says hi 👋
The only case I would imagine someone trying to guess/brute force the PIN using fingerprints is some sort of state level actor trying to gain access, e.g. during a search warrant
Yes you are being weird. Why do you think anyone will bother getting physical access to your device?
Money?
There's less of a risk with something hard to separate a person from like a phone, but a payment terminal is a massive target.
You are ignoring the other layers of your security.
They have to have the card you are using and you can cancel any suspicious charges you see.
No, I lick the entire keypad/keyboard after entering my pass/pin to ensure my DNA is on all keys. This is the only true path to security.
Nope. Don't you type on your keyboard anyway. Like right now I just worte a whole bunch of different letters. I don't think I put in my password so often it stands out. Same with the phone. My fingers already go all over it. I mean icons are way over one screens worth. Its not like the movied door code thing where the only input it ever gets is the code.
The numbers on my lock screen randomize their locations, so even if you saw my finger movements and grease pattern, you couldn't guess the code.
On your phone? Need an app for that?
It's a feature in GrapheneOS
No. If you've used it to input literally anything else you've already obfuscated the password (typing on keyboard, using apps on phone). Besides that, there is no telling the length, number of repeated characters, or shift combined (capital letters, symbols) involved just by looking at finger prints on a keyboard.
Two factor authentication and other layered security is low effort and more effective. If you're worried about a PIN for debit cards the greater concern is skimmers, common at gas stations and atms. The best preventative here is to become familiar with checking for those and minimizing how much money is in your debit account - keep it in savings, use a credit card instead where able.
I do clean my phone screen and keyboards occasionally just because they can get gross.
I do that at the ATM and I also double-check for scanners on the bank card input.
My phone unlock is a cluster fuck so I'm not worried about anyone who tries it. Scarier is that there's ways to bypass it, so if it gets stolen I'm kinda fucked.
I don’t wipe the keypad off but I do pull on the card slot just in case there’s a card reader, especially in bigger or new cities.
I'm a big city boi so that tracks.
if it gets stolen I'm kinda fucked.
Thats what you get for being worth something. If my phone gets stolen all that'll happen is the debt collection agencies will see that "I" have moved to China.
Is everyone here paranoid?
glances at c/privacy
Yes
IT guy here.
Nope, my phone uses facial recognition to unlock, and my computer passwords are wither random letters and numbers or a full passphrase, both of which use multiples of the same letter and different capitalizations.
Example:
Random string, similar to passwords I have used in the past:
"r82ZwQqDW"
Looking at a keyboard where you could see all characters used it would look like this:
dqrwz28 + shift
Figuring out the password above from these letter by logic is basically impossible, so they have to brute force it, only they don't know the length of the password, which uses more time.
Passphrases are even better, using something like:
CreepySmilingHorseSnortsLead2016!
Just look at all of the reused letters!
No way someone would guess that the characters acedghilmnoprsty0126 + shift would spell the password above.
Maybe a question for therapy.
Therapy would say "If you have nothing to hide, you have nothing to fear" while writing the notes on their WINDOWS Computer with Copilot Enabled. Btw my country is fascist, the more notes that get on their system is more tools to suppress dissent especially for a non-white person like me living in a white-majority country.
See: https://en.wikipedia.org/wiki/Political_abuse_of_psychiatry
Eh, therapists are not cybersecurity experts. They have no way of knowing if this is reasonable or not. Just strategies for if it is emotional.
When people say shit like this, I wonder if they've ever been.
If you are a regular-ass person using their normal phone/computer, and have no reason to suspect someone is trying to hack you, then this is some extremely paranoid behavior.
When using a public PIN pad, I cover the whole thing with my other hand and make fake button presses in between the real ones.
No, but I sanitize my phone regularly.
I check for card skimmers, but the things I would type into have so many people touching them in a day. I wipe my keyboard down at work to cut down on communicable sickness.
I've seen a lot of new what look like thick foam pads stuck to the right side of cc pin pads to prevent a new skimmer device from being overlayed on top without it being obvious.
If it's an outdoor pin pad the winter, such as a gas station, I'll touch all the keys so the thermal signature doesn't show which keys I pushed.
Not because of passwords, but I wipe down my phone screen once a day, keyboard around once a week.
No don't wipe your keyboard, you'll ruin the seasoning.
Don't worry. Im sure they wipe it down with a neutral flavored oil.
I saw a video once about how people could use thermal imaging to see what (metal) keys you pressed on an ATM, so usually I'll rest my entire hand on the keypad for a second when I'm done
Typing a password: keepass. I'm not typing my who knows how long passwords on my keyboard.
PIN Pad: I wipe it, and cover the pin pad too in case someone with good visual memory sees it.
ATM: metal pads don't blatantly show on thermal imaging, so just cover it with my hands. Also try to shake off the card reader/metal pads, they're built to resist that so if you manage to pop something off, congratulations you exposed a card skimmer.
Phone password: 32 character passcode, no Touch ID, good luck trying to get into it. If anyone can decipher it just by looking at the screen, at that point they deserve it.
I am paranoid to think of such things occasionally, which is why I can tell you that my password is long enough that it includes more than half the alphabet.
If it's an outdoor pin pad the winter, such as a gas station, I'll touch all the keys so the thermal signature doesn't show which keys I pushed.
I use my phone or something else I am holding to press the buttons so my fingers never actually come into contact with the surface; or use tap to pay which also bypasses the PIN entry on most POS systems. I also use my feet to open doors that are push to open. Thank COVID for this quirk; It has nothing to do with worrying about security lol
My screen has a matte foil on it.
Hard enough to see any fingerprint.
Lol, FBI could just bypass the lockscreen, this is more like defence against fraudsters and thieves (including identity thieves).
I was just joking that OP (you) are trying to hide something, that I would hint the FBI to catch you.
It has been my anecdotal experience that people who are overly concerned about their privacy usually have next to nothing to hide. But the people who let their freak flag fly right there on main, those fuckers are trying to pull a Kansas City Shuffle.