According to a new study, you may soon have to protect your passwords by changing how you type. This study has revealed that deep learning audio-based password hacks can discern your password simply by listening to the way you type on your keyboard.
According to researchers involved in the study, the deep learning system was able to log keystrokes with a 93 percent accuracy rating when listening to the target typing on their keyboard. The system was taught by pressing the keys on an Apple Mac keyboard multiple times at different levels of pressure.
The researchers involved say that this kind of deep learning hack may be something we need to protect ourselves from in the future, as it could infect your mobile device and then listen in for typing whenever you have it close to a computer. If deployed to the broader world, it would make having a stronger, more random password even more critical than it already is.
Further, the researchers say it might be a good idea to change your typing styles now and then to help confuse audio-based password hacks like this. That way, you’re prepared should they ever appear in the real world. Cybersecurity is an ongoing concern as more of the world goes online, and while keystroke logging isn’t new, doing so based on audio cues is undoubtedly surprising.
“The ubiquity of keyboard acoustic emanations makes them not only a readily available attack vector, but also prompts victims to underestimate (and therefore not try to hide) their output,” the researchers explained. “For example, when typing a password, people will regularly hide their screen but do little to obfuscate their keyboard’s sound.”
A password hack capable of listening in on your keystrokes would then be able to steal your password just by listening to your keyboard’s sounds with each tap. Further, an audio-based password hack could prove dangerous as it might also pick up the sounds of other keyboards around you.
Considering the vast number of sounds keyboards can make, this might be a reason to move away from mechanical keyboards. Of course, that doesn’t mean the machine wouldn’t be able to learn about those taps, too, so it’s best to prepare for the eventuality of a side-attack such as this, especially if you work somewhere cybersecurity is paramount – such as a government job.
It is exploits like this, and others, that have led many companies to start supporting Passkeys, which are physical objects that give you access to your accounts instead of requiring a password to access them.