• @Vendetta9076@sh.itjust.works
    1211 months ago

    This isnt a new attack. Its been around for years. The newest scary development of this was that a website with a decent frontend was made for it but that was months ago. Use a password manager.

  • teftEnglish
    1211 months ago

    I felt a great disturbance in the Force, as if millions of mechanical keyboards suddenly cried out in terror and were suddenly silenced. I fear something terrible has happened.

  • @Grass@geddit.socialEnglish
    1211 months ago

    Time to make a keyboard that self switches between qwerty, colemak, etc and has some sort of indicator of it’s layout, and spits out random recordings of its own key presses, and you just have to be insane to type on it correctly.

  • Alto
    1011 months ago

    Streamers especially are going to have to be incredibly careful going forward

    • @Silentrizz@sh.itjust.works
      211 months ago

      Not as much as you might think. A lot of audio communication softwares these days have some sort of background noise filter, not saying thay are perfect but they have been increasingly in effectiveness and adoption. My graphics card (nvidia) even supports it and works well. That plus my quiet switches, I’m not too worried about myself, or tech savvy streamers.

      The biggest target is probably the elderly and less tech savvy, who are also more likely to fall for scams, and probably have less password entropy (which would make this software more accurate).

      • delcake
        611 months ago

        The article addresses exactly this suggestion.

        Remember, the attack model proved highly effective even against a very silent keyboard, so adding sound dampeners on mechanical keyboards or switching to membrane-based keyboards is unlikely to help.

        • @InfiniteStruggle@sh.itjust.works
          111 months ago

          What about a touchscreen keyboard? The layout wouldn’t have to change, and there needn’t be any sounds at all.

          I know it’s shitty but for high security purposes like on a bank terminal or something, shitty but secure trumps nice but insecure, right?

      • Alto
        511 months ago

        Might be for you, but for whatever reason my brain really, really hates the tactile feel of rubber domes.

        I’ve also always had strong issues with certain textures/tactile feels in general

        • @ludwig@lemmy.world
          511 months ago

          Yeah, rubber domes suck. They are way too mushy.

          I hate how the actuation force changes a lot during a key press.

  • Dogeek
    711 months ago

    What if the keyboard is not made of homogenous switches? Some reds, silvers, blues and browns thrown randomly around the keyboard ought to defeat the model, right?

    • @winterayars@sh.itjust.works
      1111 months ago

      As long as they can’t train the model on your specific keyboard yeah. If they can it would probably be even easier for it since the keys would be more distinct.

      • Dogeek
        311 months ago

        Yeah that would make my keyboard signature even more unique. Though you could always hotswap some keys around every few weeks

  • @MomoTimeToDie@sh.itjust.works
    511 months ago

    How does that even work? Like, all the keys are generally manufactured to the same standards such that any physical difference in keys causing different sounds is a combination of user damage and random factory errors, no?

    • @Rin@lemm.ee
      111 months ago

      Probably, but it’s definitely there. I managed to tell that one of my friend’s pin had the same key twice in it because i heard the same kind of sound twice.

      • @MomoTimeToDie@sh.itjust.works
        311 months ago

        I mean sure, but “same key twice” isn’t exactly a specific character to type. I mean I hit caps lock twice typing my password for this site.

  • @Newtra@lemmy.mlEnglish
    511 months ago

    I can’t wait for passwords to be replaced with a cryptographic solution. Even with a password manager, login forms are an unnecessary waste of time.

  • _haha_oh_wow_English
    111 months ago

    What makes this new or different from previous methods? Just because “AI”?