The early 1960s saw the release of the hugely popular single “Needles and Pins”.

While needles have decidedly fallen out of favor, being the sharp pointy instruments of pain that they are, PINs are still very popular – especially with the tech world.

Whenever we visit an ATM or supermarket, there is a definite tendency to punch in PINs using an index finger. Often, no care is taken to cover the hand and disguise the number being punched. It is important to realize that a bystander can easily obtain your PIN simply by observing you, even from a couple of meters away. This is especially true at ATMs, as the number keypad is often quite large and leaves adequate spacing between the keys.

Ask someone if they believe that only they know the PIN and you will almost always get the response that they indeed feel safe that only they know the number.

While they may feel a good level of confidence, the reality is that a casual bystander can find out what the PIN is, never mind someone who actually intends to discover your number. This type of activity is known as shoulder surfing, and it can have dire repercussions for the security of your personal data and identity. While in the case of an ATM a criminal still requires your actual bank card in order to illicitly withdraw money, shoulder surfing in the office environment can have more direct and immediate consequences.

In an office, due to the proximity of people working together, your awareness may become slack. Someone in the office may, even without intent, take a peek over your shoulder and see what you’re working on. If there is intent, then confidential documents and even passwords could be at risk, because you’re not expecting something like that to happen in the office. Such situations become even more complex because our world is so dependent on digital devices, with multiple devices – tablets, smartphones and laptops – often sharing the same password.

With a few simple precautions you can mitigate these risks, without becoming too paranoid.

  1. Try to position your monitor so that people directly behind you cannot clearly see what’s on your screen.
  2. Rather than typing passwords with index fingers, touch typing makes your key sequence harder for an observer to follow… provided it is not “asdfg” or “qwerty”.
  3. Do not use the same password for multiple accounts. With different passwords, if one of them is compromised, the others will not be.
  4. Never leave your password on a post-it note, blue-tacked to your monitor!

And the moral of the story:

Protecting something with a password only makes it as secure as the person holding the key. While you can never be 100% secure, it never hurts to take a few simple precautions to safeguard your passwords and PINs. The needles can be left to fend for themselves…
