Malware and shoulder surfers can't determine what keys are pressed

Mar 7, 2013 09:12 GMT

Researchers from Japan’s Science and Technology (JST) Agency have developed a clever system that protects the passwords of Internet banking users by utilizing multiple cursors that randomly move on the screen.

To make sure online banking passwords cannot be stolen by malware, many financial institutions have implemented software keyboards on which customers enter their passphrases by utilizing the mouse. However, this protection system can be beaten by malware that takes screenshots.

The passwords can also be obtained by individuals who look over the user’s shoulder in an attempt to figure out the sensitive information.

That’s why experts have come up with a system that involves up to 20 cursors that move around randomly on the screen to make it almost impossible for screen-grabbing malware or shoulder surfers to capture the password entered by the user.

“At first sight, it looks as if the user, too, will get confused which cursor is real. But when you try this system, it's surprisingly easy to understand which one is your cursor,” Keita Watanabe, researcher at the Igarashi Design Interface Project, JST, ERATO, told DigiInfo TV.

With 20 cursors moving around on the screen, there’s a 99% chance that an individual who looks at the screen, other than the user, will not be able to determine the password.

However, experts found that if the genuine cursor is moved too quickly and there aren’t enough cursors on the screen, the password could be determined. That’s why they’ve come up with a system called SymmetricCursors.

In this system, the keys are arranged in a circle and whenever the user moves the mouse over one of them, dummy cursors will position themselves above all of the other keys at the same time.
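The symmetric layout described above, sketched as an added example (not code from the researchers); the ten-digit keypad, the angle-based geometry and all function names are assumptions. It checks that a single screenshot has a cursor on every key, whichever key the user is actually pointing at.

```javascript
// Added illustration of a symmetric dummy-cursor layout on a circular keypad.
// KEYS, STEP and the function names are assumptions, not the researchers' code.
const KEYS = ["0", "1", "2", "3", "4", "5", "6", "7", "8", "9"];
const STEP = (2 * Math.PI) / KEYS.length; // angular width of one key

// Index of the key whose sector contains the given angle (radians).
function keyAt(angle) {
  const n = KEYS.length;
  return ((Math.round(angle / STEP) % n) + n) % n;
}

// Angles of every cursor drawn on screen: the real cursor plus one dummy per
// other key, each a rotation of the real cursor by a whole number of key widths.
// A renderer must not expose this ordering (index 0 is the real cursor here).
function cursorAngles(realAngle) {
  return KEYS.map((_, k) => realAngle + k * STEP);
}

// What one screenshot reveals: the set of keys that have a cursor over them,
// sorted so that it carries position information only.
function screenshotView(realAngle) {
  return cursorAngles(realAngle)
    .map((a) => KEYS[keyAt(a)])
    .sort()
    .join("");
}

// What the user actually selected with the real cursor.
function selectedKey(realAngle) {
  return KEYS[keyAt(realAngle)];
}

// Constructed sample: the user hovers "3", then "7" slightly off-centre.
const samples = [3 * STEP, 7 * STEP + 0.1].map((a) => ({
  selected: selectedKey(a),
  screenshot: screenshotView(a),
}));
console.log(samples);
```

The screenshot view is the same for both samples, so a single captured frame does not separate "3" from "7"; this says nothing about an observer who tracks cursor motion across many frames.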

The research is only in its initial phases. Experts plan on determining the biometric relationships by studying functional magnetic resonance imaging and eye trackers.

The final goal is to find other applications for it, such as gaming.
