Can multiple moving cursors really hide your password from spyware and peepers? [VIDEO]

Here’s an interesting piece of work being done by boffins at the Japan Science and Technology Agency (JST).

Many of us are aware of the problem of spyware, designed to snoop upon our computers, and steal files and data.

One common weapon in spyware’s arsenal is the ability to seize passwords by intercepting keypresses (known as keylogging) as users log into their email or access their online bank accounts.

Some banks have, of course, responded to this by producing virtual keyboards on their login pages which don’t require you to type a password – instead, you choose the correct sequence of letters and numbers with your mouse.

Of course – as is seemingly always the way with the cybercrime arms race – motivated malware writers responded to this defence, and developed more sophisticated spyware which took screenshots or even a mini-movie in order to grab passwords.

And that’s what the Japanese researchers hope to have defeated with their new system. By having multiple cursors randomly moving across the screen, they hope it might make it nearly impossible for passwords to be captured by screen-capturing spyware or shoulder surfers.

Dummy cursors keep your passwords safe from prying eyes #DigInfo

It’s certainly a fun video, and might make things tricky for a password thief looking over your shoulder – but would it really defeat cybercriminals?

If the Japanese system was widely adopted, is it not possible that – just as malware authors evolved their attacks to steal screenshots rather than just grab keypresses – malware would be developed which would interrogate the computer and ask for the co-ordinates of the mouse cursor?

A screenshot could then be taken with the real cursor’s location highlighted in red.

I hate to be a wet blanket, but I’m not convinced this fun research spells the end to password stealing.

What do you think of this research? Do you think it would be a good thing if online banks and others adopted it? Or is it just a bit of fun? Leave a comment with your thoughts below.

Hat-tip: Diginfo via Softpedia

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
