She Cracked my Hotmail Password: a sad shoulder surfing story

Ever type in your password at work and notice that there is someone standing behind you watching your fingers very closely, as if trying to decipher your password? This is known as "Shoulder Surfing."

If you don't think it is possible to eyeball someone's keystrokes and know their password, think again.

In the '90s, I didn't know much about computers or computer security. I was a military cop well versed in physical security and air base ground defense and only used computers for screwing around. My passwords were as easy as possible so I could remember them.

I didn't fully appreciate the importance of having a strong password until my wife hacked my Hotmail account. No big deal, right... WRONG. Like I said, I was screwing around. I was big into flirting in chat rooms and on email. I was just having fun with what I thought were beautiful young ladies, but who (realistically) were probably neither beautiful nor young nor (shedding a tear) ladies.

I'd been spending so much time online with chatrooms and EverQuest (a.k.a. EverCrack) that my wife started to get very jealous of the computer and suspected I was up to something. So she shoulder surfed me one night, got my password, and got into my account while I was at work.

To make a long story even longer, my wife went crazy. She called my job screaming, I had to respond to my own house, my weapon was taken away (this is like being neutered for a cop), and the beautiful young lady that I was chatting with.... It was a man (yeah, it was like a cyber Crying Game). Needless to say, I don't do much of ANY chatting these days. But I digress.

Here are some techniques I have developed to make sure that NO ONE shoulder surfs me again:

1) Make sure no one is around. Before you even think of logging in, CYS: cover your 6 o'clock. You never know when some stealthy ninja is waiting to eyeball your keystrokes, get your codes and slice your throat by pale moonlight. Or worse, your wife could be trying to crack your Hotmail account. If you happen to be in the open (at an ATM machine, for example), be aware that someone could use binoculars to get your PIN number or password. Always block what you are typing using the shoulder block technique.

2) Make difficult passwords. After my wife broke into my Hotmail account, I started a campaign to make my passwords extremely difficult to get from shoulder surfing. They are very long (at least 8 characters whenever possible) and use upper and lowercase and a combination of letters, numbers, and special characters. I also type them fast. Special characters are hard to pick out as they usually require two keys. If special characters are not an option, I recommend making it as long as possible with a phrase you remember, or at least using upper and lower case with numbers.

3) Trust No One. Or at least be smart enough to know who you can trust with what. And if you're going to "cyber cheat," don't be an idiot like me and get shoulder surfed by your spouse.

4) Shoulder block technique. This works best on PIN codes on doors. Most IT geeks and Intel elitists that work in secured areas have the "shoulder block" technique down to a science. Here is how it works: as soon as you approach a door to a secured area, put your body between the shoulder surfer's eyes and the keypad, then type as fast as you can. If you are sitting, turn your whole back to them and lean slightly over the keyboard to obstruct their view.

5) Delay. Some shoulder surfers will stand there behind you and wait for you to type. Your best bet is to outwait them by BSing about world events or the weather. If the shoulder surfer actually prompts you to log in because he/she wants to show you something on the Internet, use the "shoulder block technique."

 

The truth is that anyone can be a shoulder surfer if your password is really weak or you type your PIN code very slowly and display it for everyone like an instructional video. I've shoulder surfed people by accident, which is why I typically avert my eyes when people type. I don't even want to be tempted to hack their account.

Shoulder surfing is serious. Have you noticed how much more we are using codes, PIN numbers, passwords, phone numbers, social security numbers and ID numbers to access all kinds of critical information? Do you think we will be more or less dependent on these special numbers in the next 5-10 years? At the current rate of change, the answer is obvious.

Protect your digital signature. Your digital signature consists of one or a combination of the following:

Social Security Number

Phone number

Address

Account info

Name

Date of Birth

Driver's license number

Mother's Maiden name

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 License.