Different methods to safeguard a user's personal identity when logging in on a machine such as a computer system are well-known.
Some of these methods use biometrics or voice recognition technology or other recognition methods. A common characteristic of those methods is to apply intrusive procedures to the user such as submitting to fingerprinting or having his/her face or iris scanned. Whereas such technologies offer a robust identification mechanism, the incorporation of recognition sensors within existing machines can be a fastidious operation.
Moreover, these technologies still require a physical keyboard as a primary means to access a system network via personal authentication information such as a password.
The password generally consists of a code, typically an alphanumeric combination, which is uniquely associated with a user. The password is the confidential authentication information to be exploited by a verification system that checks the identity claimed.
Each time a user logs on to a computer, he/she enters his/her password via the physical keyboard. Keyboard layouts are different from one region to another, as some keyboards contain may 101 keys (e.g., for US zones) while others may have 102 keys (e.g., for French zones) or 112 keys (e.g., for Japan zones). Most keyboard layouts are AZERTY or QWERTY, while others are QWERTZ or can be completely different, like a Dvorak keyboard.
The keyboard layout is generally defined by an “Input Locale” which is a combination of an input language with an input method. Specifically the Input Locale describes the language being entered and how it is being entered. Moreover the keyboard layout is set by using regional and language options, like “glyph characters”, even if the basic keypad still reflects the “Latin character” layout.
In today's world, the use of the “Latin character” keyboard layout is the common way to gain access to a system for legitimate users. Whereas everyone is familiar with such a standard keyboard layout, it becomes easy to eavesdrop on a user when the user enters a password when logging on.
Moreover, the new trend of working conditions creates workplaces completely barrier-free with no partitions separating workstations. In such open-space structures, any attacker can easily exploit the open-space security weaknesses by illegitimately observing (e.g., over the shoulder) the password a legitimate user is entering.
This technique of password eavesdropping can be extremely effective to gain unauthorized access to a system, particularly, when people or individuals are located in a workplace, such as an open-space.
Whereas some of the existing password protection portals can be safe against fraudulent use, they are still exposed to security risks.