If you're not already mitigating the risk of someone *hearing* you type your passwords, you should probably start... It always seemed like a probable risk, but now it's confirmed:
Discussion
Holy fuck, guess I'm muting my microphone on stream now while typing pwds
hardware switch on my cam/mic for laptop, trustable toggles on @grapheneos for mobile
Don't use general purpose computers for bitcoin security. https://airgapcomputer.com
This is pretty crazy. I guess using biometrics (e.g. Touch ID) and auto fill is now the safer option for performing an action such as logging in from a public place or coffee shop?
Problem solved. I love mine.
That will solve this problem. I love mine, used it for years.
If you're not already mitigating the risk of someone stealing 216.93 BTC because you are stupid and keeping it on a "hot" wallet, you should probably start... It always seemed like a probable risk, but now it's confirmed.
nostr:note1uthf9xhurwlv2kx3xqccqyzf9uwhcnemd3tv49rpclcywwq6gxqqxpnqwz
Are you saying we need Neuralink? :)
I'm pondering a retina scanner that combines a hash with a secret salt and does TOTP. Something that won't work if you're asleep ideally
Well, I know how to build a retina scanner if you ever need one :)
But an iris scanner is probably easier. Just keep in mind that both Iris and Retina do slightly change over a long lifespan.
If everything you have is tied to having access to your eyes you might lose everything on a simple cataract surgery.
Passkeys to the Rescue
A potential workaround is N randomly generated characters . So the screen prompts typing in those random characters and asks the user to insert password letters at random intervals. tr#fdawdftjs (in that case the password was farts and the random stream/intervals were generated by the noises in my head). There are attacks on this based on repetition, potential sound differences in chosen letters, and bad or compromised RNGs. The ratio of noise to filler matters.
So what to do.... guard? Just ensure nothing running? Hmmmm
Setup a hackerspace inside the karaoke bar.
So how are we mitigating this risk? Lol
Get an IBM Model M keyboard and they’ll never figure out what keys you’re hitting with the microphone clipping.
This is why I use a keepass vault with extremely hardened security. Key files, and auto type obfuscation. If they can get past that security they earned it..😆
100%
I switched to a permanent offline device for password store and use a QR reader for entering every password on my devices now, never use a physical keyboard. I guess I'll be safe-ish...
I read about those high res cameras in Walmart where the viewer can see whats on the cell phones and finger movements
Yikes
That's creepy
how do you handle this?
Yup. Modern day keyloggers.