It’s a little frustrating to think that all this effort at protecting your digital life could easily be undone by someone simply staring over your shoulder and directly observing your personal information. Termed ‘shoulder surfing’, this is particularly effective in crowded places with little privacy, where it is relatively easy to eavesdrop on someone as they enter passwords on their mobile phone or computer. Just think about the sorts of public places where you often access social media accounts or enter bank details and you might, rightfully, start to worry about this potential threat…
Shoulder Surfing as a Global Risk
The efficiency of this hacking method was demonstrated by a 3M experiment involving 46 different companies. A white-hat hacker dressed as a security guard was assigned to walk through an office scouting for information visible on desks and monitors, to take a stack of confidential business documents off a desk and place it into a briefcase, and to use a smartphone to take a picture of important information displayed on a computer screen.
The white-hat hacker collected login credentials, financial information, and privileged and confidential documents.
The biggest issue is that nowadays you don't even need to be literally standing behind a person to capture their sensitive information. Hackers just need to take advantage of modern surveillance technology: since most public places tend to have security cameras streaming HD video, all they need to do is access them. And some security systems don't even require hacking; anyone can access them with the default username and password.
What Will These Hackers See?
To answer this you don't need to go too far back in time – just to school. Remember when you shouted “Teacher, they are copying me!” after someone peered over your shoulder? What your classmate did is exactly what others interested in sniffing out your sensitive data will be doing if they are in the same coffee shop, airport, train or any other public place.
By watching over your shoulder, these people will see your login credentials for whichever online account you are logging into. And yes, that includes your access password as well, which is just as easily captured as you type it into your laptop, tablet or smartphone's keyboard. Hackers don't care how they get the info, whether they choose to compromise computers, steal laptops, or look over your shoulder at a bus stop.
How to Protect Yourself from Shoulder Surfing
Users who are aware of this security risk will take it seriously and know they have to protect themselves against it.
Use a Privacy Screen Protector
An effective method is to use a privacy screen protector on the device. 3M and other manufacturers offer such screen protectors. The advantage of this extra layer is that it blackens the screen for viewers outside the 60-degree viewing angle. Applying one to your smartphone is a good start, but you can do the same on your laptop or desktop computer as well.
Sit Out of Sight of Cameras and Other Customers
When you choose a place to sit in a public space with plans to log in to your bank account or other highly sensitive online account, pick a spot which is out of sight of security cameras. It is also preferable that no one is sitting behind you, as this eliminates the possible shoulder-surfing risk. If you end up having to sit in a place where the device's screen is unavoidably exposed (such as in an airplane – and it's not your private jet!), try to keep the device at an angle so that the people around you can't see the password.
Use Biometrics Whenever Possible
If your device is equipped with a biometric identification system, use it. In these situations, biometrics provide a fast, easy, and secure method of logging into your accounts, without exposing the password. If you’re an Apple aficionado, use Touch ID or Face ID whenever possible to log into your device, rather than typing in your password in plain sight of cameras and people in your immediate surroundings.
Use a VPN to Connect to Public Networks
If you ask a security expert for advice on how to protect your online identity, the top three measures they are most likely to suggest are to use a strong, unique password for every account, to use a password manager to organize them, and to rely on a VPN service.
That final point is especially important when connecting to a public Wi-Fi network, which is the best place for hackers to sniff out data from naive users. Hackers don't need shoulder surfing to empty your bank account while you are using public Wi-Fi; all they need is for you to check your PayPal balance once and that money will be long gone. That's why we strongly recommend using a VPN service to encrypt your online traffic, adding another layer of security to protect your online accounts.