The present disclosure generally relates to computing devices, and more particularly to the protection of access codes.
When an access code (e.g., personal identification number (PIN)) is entered into a public terminal, the user's fingerprints are left behind. These fingerprints form an easily visible and distinctive pattern on the screen, which makes it easy for the next user of the device to determine which digits were in the previous user's password. This vulnerability also exists on personal touchscreen devices that need to be unlocked. In fact, certain setups where the user draws a pattern by dragging his or her finger on the screen are even more vulnerable than a PIN that is entered by discrete touches. A sophisticated attacker could work with an accomplice, who would wipe the touchscreen clean ahead of the target victim, meaning that the fingerprints left on the screen would only have been left by the one previous user. As more and more systems move to touchscreen interfaces, this problem becomes applicable to a broader range of situations.
A similar problem exists with PIN pads that use mechanical buttons. For example, the keypad for a home security system that has had the disarm code “7740” for many years will show significantly more wear on the three digits “0,” “4,” and “7” than on the other, unused digits. This significantly decreases the number of combinations an attacker would have to try to guess the disarm code correctly.
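To quantify the reduction described above, the following added example (not part of the original disclosure) counts how many codes remain possible once wear or smudges reveal which keys are in use. The function names are hypothetical, and it assumes the marks reveal exactly the set of digits used, but not their order or which digit repeats.

```python
from itertools import product
from math import comb


def residual_keyspace(pin_length: int, worn_keys: int) -> int:
    """Count codes of pin_length that use each of worn_keys distinct keys
    at least once (inclusion-exclusion over the keys left unused)."""
    if worn_keys < 1 or worn_keys > pin_length:
        return 0
    return sum(
        (-1) ** i * comb(worn_keys, i) * (worn_keys - i) ** pin_length
        for i in range(worn_keys + 1)
    )


def residual_keyspace_bruteforce(pin_length: int, worn_digits: str) -> int:
    """Cross-check by enumeration: count codes whose digit set equals the
    worn set. Only the count is returned, not the candidates."""
    digits = set(worn_digits)
    return sum(
        1
        for code in product(sorted(digits), repeat=pin_length)
        if set(code) == digits
    )


def exposure_table(pin_length: int, keypad_size: int = 10):
    """Rows of (distinct worn keys, codes remaining, reduction factor)
    relative to the full keypad_size ** pin_length keyspace."""
    full = keypad_size ** pin_length
    rows = []
    for k in range(1, pin_length + 1):
        remaining = residual_keyspace(pin_length, k)
        rows.append((k, remaining, full / remaining))
    return rows


if __name__ == "__main__":
    # Four-digit code on a ten-key pad, as in the "7740" example
    # (three distinct worn digits: 0, 4 and 7).
    print("worn keys | codes left | reduction vs 10,000")
    for k, remaining, factor in exposure_table(4):
        print(f"{k:9d} | {remaining:10d} | {factor:8.1f}x")
```

For a four-digit code, three worn keys leave 36 candidates out of 10,000, and four worn keys leave 24, so a repeated digit leaves slightly more uncertainty than four distinct digits but neither survives a lockout-free keypad.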