3

I'm talking about an unknown or undetected physical presence who may be looking over your shoulder as you view or type in sensitive information or passwords. Most likely to happen when you are supremely focused or using headphones, so not fully aware of your surroundings. What about a device to warn you, or automatically perform some function on your computer to secure the information being displayed?

André Borie
  • 12,706
  • 3
  • 39
  • 76
rommel
  • 31
  • 2
  • If you are so worried about protecting your password, you may also worry about [typing noise](https://www.schneier.com/blog/archives/2005/09/snooping_on_tex.html) – Neil Smithline Jul 01 '16 at 23:05
  • 1
    Related thread, but limited to password input: [How should I securely type a password in front of a lot of people?](https://security.stackexchange.com/q/110676/32746) – WhiteWinterWolf Jul 02 '16 at 07:46
  • Welcome on Security SE. For information, opinionated question, product recommendations and, more generally, questions where [*"every answer is equally valid"*](https://security.stackexchange.com/help/dont-ask) do not fit really well in StackExchange's Q&A format and are therefore to be avoided. However, I did not find any question yet precisely addressing shoulder surfing and it is a common concern, so I still personally think that having such a question would be beneficial for this site. – WhiteWinterWolf Jul 02 '16 at 07:58
  • My [answer here](http://security.stackexchange.com/a/111471/45733) has a few links to research on authentication shoulder surfing countermeasures that you might find useful. – PwdRsch Jul 02 '16 at 18:41
  • Possible duplicate of [Observable password inputs](http://security.stackexchange.com/questions/110945/observable-password-inputs) – Ohnana Jul 02 '16 at 19:39
  • One solution I've seen co-workers do to mitigate pesky management sneaking up behind them is to put a small $0.99 convex mirror on the corner of the monitor. Simple problems warrant simple solutions :) – Ivan Nov 29 '16 at 16:38

3 Answers3

3

Yes. There are 'screen-protectors', or anti-glare protectors. A kind of foil you put on your screen so you can only see your screen in a specific angle (your angle). The other person would have hard times viewing your screen. NSA-employees are forced to use this.

Also, on most Unix(-like) systems when you put in your password in the terminal, no asterisk-symbols (*) or characters appear. That's for the same reason. Also for screen-capturing.

Snowden also used a blanket which he put over his head and keyboard when typing in passwords, this to protect against hidden cameras.

And people even experimented with filter-foils to make 'secret-screens'. Screens you can only see with special glasses. https://www.youtube.com/watch?v=zL_HAmWQTgA

But if you really want a device though, you could use a kind of laser alarm system, or beep-alarm when someone passes. You can buy one on Amazon for €/$20 making your own small one. However, I don't think people would appreciate it if you set this up in your public work office.

pri
  • 4,438
  • 24
  • 31
O'Niel
  • 2,740
  • 3
  • 17
  • 28
  • 2
    https://nowthatsnifty.blogspot.com/2009/10/security-sweater.html – Neil Smithline Jul 01 '16 at 23:02
  • Yes, something that beeps would be rather obnoxious. Rather have something that gives me a silent alert on the screen. – rommel Jul 02 '16 at 03:30
  • Related thread: there is an discussion here on StackExchange dedicated to Snowden's blanket: [In CitizenFour, what was Edward Snowden mitigating with a head blanket?](https://security.stackexchange.com/q/82362/32746) – WhiteWinterWolf Jul 02 '16 at 07:41
1

There are some devices like that, but there's actually an easier approach.

If you really want to keep your screen from being seen then you can make your screen a privacy screen. When someone tries to look at this from odd angles, they can't see anything but dark grey. The screen filters are easy to find at many online retailers(search privacy screen filter). They come in both desktop and laptop sizes and applications.

Of course if you want to go the extra mile there exists a way to make the screen completely unusable by anyone who doesn't have a special pair of polarized filter glasses. To everyone but people with those glasses the screen is completely white! To do this you need to remove the polarized filter from your screen, and install a polarized filter into a pair of glasses(plastic glasses with pop out lenses work well for this).

  1. Remove the polarized filter from your screen with an Xacto knife(be careful not to damage the underlying surface)
  2. Pop the lenses out of the plastic glasses and trace the lens shape and size and cut it out of the polarized filter to be used as replacement lenses
  3. Wear the glasses and look at the screen

There are also more novelty approaches such as "Security Sweaters" and screen shrouds... but those are often bulky and funny looking. That and you can't see anything but the screen then and it really blocks you in.

Of course if you want to go a little less involved you can find programs that use your Webcam as a motion detector to show an on screen alert. If they detect someone behind you the screen has a little alert that pops up. Search Web cam motion alarm and you should find some

Robert Mennell
  • 6,968
  • 1
  • 13
  • 38
  • Wow! A little elaborate with the work involved, but an interesting idea nonetheless. Wearing the glasses would be a bit of a pain. – rommel Jul 02 '16 at 03:31
  • most sunglasses good and cheap are polarized, so i don't think that factor adds much security... keeping the brightness down to a minimum so that you can barely see it head-on is free. – dandavis Jul 04 '16 at 00:26
  • @dandavis http://electronics.howstuffworks.com/lcd2.htm this should explain why that probably won't happen. The polarizing layer on top of the LCD screen is a very specific one to match the one on the bottom of the screen. – Robert Mennell Jul 05 '16 at 19:19
  • ok, so an attacker would have to tilt his head or look down and then sideways? what's meant by specific polarization? – dandavis Jul 05 '16 at 19:23
  • no, they would have to have a specific polarization pattern. Most sunglasses are polarized for specific angles/times of polarized light waves. Polarized Glasses Lenses != Polarized Light filter. The patterns of polarization are vastly different. – Robert Mennell Jul 05 '16 at 19:27
1

Use a password manager for as many passwords as possible. Many gives you the option of copying the password to the clip board, so that you can paste it into the password field without ever displaying it on the screen or entering it on the keyboard.

Off course you still need to type the master password for the password manager and probably a password to log you onto your system. For these, the other answers have interesting suggestions.

Anders
  • 64,406
  • 24
  • 178
  • 215