
Is password entry being recorded on camera a realistic concern? - davnicwil
https://security.stackexchange.com/questions/197250/is-password-entry-being-recorded-on-camera-a-realistic-concern
======
kgbme
Side note, are Stack Exchange (and similar) entries at YCombinator frequent
and regular? Because, they're -already- places for discussion; although their
interface is limited strictly to technical and on-topic posts. Just curious,
if someone can indulge me..:)

EDIT: Btw., what's the question as it is _very_ broad? For example, for
personal devices 2FA is a must... Somebody there has mentioned Kanye West
using "0000", for his pwd.

ATM skimmers are another huge issue, apparently, in certain countries: always
have to carefully inspect the machine prior to use.

~~~
davnicwil
I posted the question there and also (re)posted here.

I think 2 things - In my opinion Stack Exchange doesn't work well or at all as
a place for discussion, by design. There's only a 1-level deep comment system
and indeed discussions there, when they are attempted, are actively
discouraged and often moved over to the chat feature. HN is much better suited
for deep discussion.

Also the audience here is far broader than the audience for Information
Security Stack Exchange, which is pretty niche. Since the question was
well-received there I thought it might have an above-average probability of also
being interesting for the HN audience too, who might not otherwise come across
it, so I thought I'd repost here.

> what's the question as it is very broad

Essentially my question is: is the proliferation of high res always-recording
cameras in public spaces, combined with computer vision and possible automated
scraping of creds from the footage, something that will cause a huge security
issue in the near future?

Remember that the vast, vast majority of users don't use 2FA, password
managers etc.

Could it be that username/password as a single factor (or having only a single
factor) becomes obsolete because of this?

~~~
kgbme
Cool, um, specifically for cell phone devices - as Lightness Races in Orbit
has mentioned in comments there - we would use like a combination of
fingerprint (or face) auth. plus a swipe pattern for 2FA.

A different kind of problem develops from there, because even though that
biometric data is "secured" and encrypted (has to be, right?) - your signature
still becomes available to "sync" and other system services...

We're, then, branded. No manufacturers and designers are taking steps to
ensure that this kind of (deeply personal) data stays and functions strictly
offline.

... As is the only way to keep your biometrics private (and truly secure).
Keeping it isolated from network.

So, what's the best way: a password, a passcode, to keep in your head - or, a
universal identifier which _may_ be "unhackable", but universally known - to
whoever. This can be a legit concern, no? :-s

EDIT: Right, sry, might've strayed off-topic there.

