A quick shoulder surfing hack and how to protect yourself
LEGAL DISCLAIMER: This "hack" has been performed on my own computer, for educational purposes only. Don't use it against other people's systems, unless you've been given explicit written permission by their owners. I'm not responsible for any unintended use of these instructions.
A hacker is a manipulation master and a psychology expert, too. If an organization doesn't enforce appropriate policies and weak passwords are used, it is sometimes much easier to guess a password than to break it.
NOTATION: In this post I adopted a wide definition of shoulder surfing, looking toward the future, rather than sticking to a strict academic notion. Shoulder surfing is usually defined as the activity of someone who, by being present in person, tries to look over your shoulder to grab your username/password or other information on screen.
- Someone calls you on the phone (social engineering), pretending to be the help desk, and asks you to enter your username and password on a certain website without clicking Submit yet.
- You enter username and password for a website without clicking Submit and step away from your computer for a while without locking it.
The weak link of cyber security is people. Sadly, there's often too much focus on technology while social and psychological components are overlooked, which is a very costly mistake.