Public manual-key-entry security has been lax since its 1970s inception: the challenge was key-sniffing. In 1980, I proposed a thin SafeCard© solution for bank-account access via vendor POS terminals, with built-in-IC encryption and digit keys for password and data, provided by the customer's bank, ensuring secure access. But SafeCard© is decades late and the Internet needs it too... An immediate remedy is a visual auto-encryptor that is easy for the user to read and log in with, but impractical for machine-time to guess.
[Related: 26+2 key alphanumerics; and 16-key ZooMath Glorified Adding Machine do-all RPN calculator.]
Log-in password input-entry needs not only non-echo nonreadability (typically asterisks echoed in lieu of typed characters, exposing little information but that keys are depressed) and https-secure transmission (typically 40- or 128-bit SSL) but also anti-key-sniffing in the computer's Internet "browser windows" and software. It is also wise to hide keycap fingerings from camera views... But the strongest method simply prevents direct knowledge of key-fingerings and key-values from being decoded at all: a "clear code" relying on what the enterer sees and thinks rather than does. (Cameras watching the eyes are also a concern, but not nearly as readable as key-fingerings, not even fingerings disguised by clever manual dexterity, such as two-handed all-fingers-down slightly sequenced, or one-touch-only.)
Short of off-PC encryption equipment like SafeCard© using four short-stroke tactile-pressure keys (or futuristic finger-tip-nerve-impulse retroflection) for log-in, a web page must provide an encrypting key-map that is easy to read and use, yet not easy for a virus program to sniff, not easy for a fast computer to decode, not easy for a human to assist in reading, not easy for a camera to detect, and not easy for anyone to know what the enterer is looking at or thinking about: the enterer reads and translates the password through the keymap, entering the encrypted version manually, key by key.
(Note also that rovot-clicking on a map generates sniffable pointer-tracking-metric data.)
A fully digital solution uses extra-length passwords and key-entry cover-ambiguity: ambiguity reduces the strength of the password by a factor, so it functionally implements both passwording and entry encryption-indecipherability at once. (Ambiguity complexifies arbitrary decryption-reading of keystrokes.) A secure runtime script computes a changing keymap from built-in hashed encryption, to prevent the map itself from being sniffed, read, or retransmitted. More advanced solutions include read-write and lettered entanglement (ambiguity).
(Sophisticated user-silhouetting log-in might trigger on individual finger-strokes and report the generated code with stroke-timings.)
Artistically, an image-map might come as an animated icon compounded of an original map, overlaid with random alphanumeric-like lines and dots, with a random moving line, flicker and inverting video, various fonts, and various positional offsets, as something people should have no trouble reading through but which stymies computers; or it can be done with encrypted script, disallowing software to take clear-text snapshots.
To encrypt, a keymap displays several choices per key (32 most-distinct alphanumerics, or 64 most-distinct cased alphanumerpunxic) and the enterer loosely translates the password keys ambiguously, deliberately and arbitrarily picking among the many; the web-server must have done its homework to translate back to a reduced-length, still-solid password, equivalenced ambiguously through the keymap.
Methods may include a rovot-click-map for exo'cryption-like translation of data entry of an 8-12-key password... it should not take much thinking work-time.
The anti-key-sniffer half-application is easy: any map of keyboard keys from easy-to-read-and-find letters to scrambled letters, different each time, where the URL or a short-lasting cookie includes a 20-digit code-seed.
Or the reverse coding might be done with the rovot mouseclicks.
The method of a large, irregular, dis-arrayed, obscuring-font display of all multiple choices of the letters and numbers, with selection by looking along rows, columns or diagonals for any other character, and sending that instead, makes maximum work for any sniffer to read all the characters... yet it is a simple visual exercise for a person using it for log-in.
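The row-and-column keymap just described, worked through as an added example (this is illustration code written for this page, not the author's own script): the server builds a seeded, per-login scrambled 6x6 grid of the 36 lowercase alphanumerics (an assumed alphabet; the page's 32- or 64-symbol sets work the same way), the user types, for each password character, some other character from the same row or column, and the server inverts the relation set-wise. It also computes the strength factor the ambiguity costs, which is why the page calls for extra-length passwords, and rejects an entry typed untranslated, which is the "poorly wildcarded" rejection mentioned later on the page. The grid is derived from a seed with Python's random module only for reproducibility; that module is not a cryptographic generator, and a deployment would derive the grid from a server-held secret plus a per-session nonce rather than from a seed carried in the URL (an assumption about deployment, not something the page specifies).

```python
"""Grid-keymap ambiguous password entry (added illustration; not the page's own code).

The server shows a per-login scrambled grid of the 36 lowercase alphanumerics.
For each password character the user finds it in the grid and types some
OTHER character from the same row or column.  The server inverts set-wise:
a typed character stands for every other character in its row or column.
"""
import math
import random
import string

ALPHABET = string.ascii_lowercase + string.digits   # 36 symbols (constructed choice)
SIDE = 6                                            # 6x6 grid holds exactly 36 symbols


def make_grid(seed: int, side: int = SIDE) -> list:
    """Shuffle the alphabet with a seeded PRNG into `side` rows.

    Assumption: a deployment would derive the seed server-side from a secret
    plus a per-session nonce; random.Random is not a cryptographic PRNG.
    """
    symbols = list(ALPHABET[: side * side])
    random.Random(seed).shuffle(symbols)
    return ["".join(symbols[r * side:(r + 1) * side]) for r in range(side)]


def locate(grid, ch):
    """(row, col) of `ch` in the grid, or None if it is not a grid symbol."""
    for r, row in enumerate(grid):
        c = row.find(ch)
        if c != -1:
            return r, c
    return None


def cover_set(grid, typed):
    """Characters the server accepts a typed character as standing for:
    every *other* character in the same row or column (empty if unknown)."""
    pos = locate(grid, typed)
    if pos is None:
        return set()
    r, c = pos
    return (set(grid[r]) | {row[c] for row in grid}) - {typed}


def encode(grid, password, seed=0):
    """The translation the page leaves to the human, done here by a PRNG:
    for each character pick any other character in its row or column."""
    rng = random.Random(seed)
    out = []
    for p in password:
        pos = locate(grid, p)
        if pos is None:
            raise ValueError(f"{p!r} is not a grid symbol")
        r, c = pos
        choices = sorted((set(grid[r]) | {row[c] for row in grid}) - {p})
        out.append(rng.choice(choices))
    return "".join(out)


def verify(grid, stored_password, typed):
    """Accept iff every stored character lies in the cover set of the typed one.
    A character typed untranslated (typed == stored) is never in its own cover
    set, so a poorly wildcarded entry is rejected."""
    if len(typed) != len(stored_password):
        return False
    ok = True
    for p, t in zip(stored_password, typed):
        ok &= p in cover_set(grid, t)      # check every position, no early exit
    return ok


def accepted_per_char(side=SIDE):
    """Typed symbols the server accepts for one stored character."""
    return 2 * (side - 1)                  # row others + column others, disjoint


def effective_bits(length, side=SIDE):
    """Work factor, in bits, against a guesser who knows the grid but not the
    password: only accepted_per_char of side*side typed symbols pass per position.
    This is the factor by which the ambiguity reduces the password's strength."""
    return length * math.log2(side * side / accepted_per_char(side))


def sniffer_candidates(grid, typed):
    """Passwords consistent with one observed entry, for an observer who has
    both the keystrokes and the grid."""
    n = 1
    for t in typed:
        n *= len(cover_set(grid, t))
    return n


if __name__ == "__main__":
    grid = make_grid(seed=20240101)
    pw = "tr0ub4dor12"                       # constructed sample; real use wants longer
    typed = encode(grid, pw, seed=7)
    print("\n".join(grid))
    print("typed:", typed, "accepted:", verify(grid, pw, typed))
    print("effective bits vs. grid-aware guesser:", round(effective_bits(len(pw)), 1))
    print("passwords consistent with one sniffed entry:", sniffer_candidates(grid, typed))
```

With a 6x6 grid each typed character covers 10 of the 36 symbols, so an 11-character password keeps about 20 bits of work against a guesser who can see the grid (11 × log2(36/10)), against 57 bits for the plain 11-character string; that gap is the length the page says must be added back. An observer who captures both the keystrokes and the grid is left with 10^11 candidates from one log-in, which is the ambiguity the page relies on, but it shrinks quickly if the same password is watched through several grids, so the keymap must change every time and the seed that generates it must not travel with the entry.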
But a human key-sniffer presents an equalizing challenge requiring more entanglement--
(The wildcarding combinatoric factor can be increased to 4^12 or 8^12 without enlarging the password, by allowing all four sides, left, right, top, bottom, for entering and exiting with distinct choices; but the starting block size should also be increased, probably to 10 letters, and then the array to 64x64.)
Password length is longer than the starting block size (i.e. a noninvertible matrix) to avoid single-instance exposure to key-sniffing; the server ensures wildcarding by flatly rejecting poorly wildcarded entry sets--and always reminding of the rules...
A stronger entanglement than wildcarding has the client user arbitrarily dropping one letter of the password in each chain-in pass; this is stronger than changing any one letter in-position because it affects the domain-base-position relation of all letters, not just the one affected. (It is like breaking time-base sync in a hologrammic transform, e.g. a sinusoid matched-filter.) The server checks 12 choices (12 alternate positions in 12-letter passwords), while the sniffer has 12^12 combinations.
(A variant entanglement inserts an excluded letter in each chain-in, but that is essentially a back-folded, longer password.)
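The server side of the drop-one-letter entanglement, and of the insert-one-letter variant, as an added example (illustration code written for this page, not the author's): the server accepts an entry if it equals the reference password with exactly one letter removed, trying every position, which is the "12 choices for a 12-letter password" the page states; the insertion variant accepts the reference password with one extra letter placed anywhere. It assumes the server holds the reference password in a form it can compare against (the page does not say how the password is stored; a deployment would have to decide between a recoverable secret and one stored hash per accepted variant). The sample password is constructed.

```python
"""Drop-one-letter ('entanglement') password check (added illustration; not the page's code).

The user omits one letter of the stored password at each log-in; the server
accepts the entry if it equals the stored password with exactly one letter
removed, at the cost of one comparison per position.  The insertion variant
from the page is included too: the entry is the stored password with one
extra letter inserted anywhere.

Assumption: the server holds the reference password in comparable form;
the page does not say how it is stored.
"""
import hmac


def _equal(a: str, b: str) -> bool:
    # hmac.compare_digest avoids leaking, through timing, how far a comparison got
    return len(a) == len(b) and hmac.compare_digest(a.encode(), b.encode())


def drop_variants(stored: str) -> list:
    """All strings obtained by deleting one position of `stored`
    (one per position, duplicates kept, so len == len(stored))."""
    return [stored[:i] + stored[i + 1:] for i in range(len(stored))]


def accepts_dropped(stored: str, entry: str) -> bool:
    """Accept iff `entry` is `stored` minus exactly one letter."""
    if len(entry) != len(stored) - 1:
        return False
    ok = False
    for v in drop_variants(stored):
        ok |= _equal(v, entry)          # check every position, no early exit
    return ok


def accepts_inserted(stored: str, entry: str) -> bool:
    """Variant from the page: `entry` is `stored` with one extra letter inserted."""
    if len(entry) != len(stored) + 1:
        return False
    ok = False
    for i in range(len(entry)):
        ok |= _equal(entry[:i] + entry[i + 1:], stored)
    return ok


def server_checks(stored: str) -> int:
    """Comparisons the server performs for a dropped-letter entry: one per
    position (12 for a 12-letter password, as the page states)."""
    return len(stored)


def accepted_drop_entries(stored: str) -> set:
    """Distinct entries the server accepts; fewer than len(stored) when
    adjacent letters repeat, since dropping either yields the same string."""
    return set(drop_variants(stored))


if __name__ == "__main__":
    pw = "abcdefghijkl"                        # constructed 12-letter sample
    print(accepts_dropped(pw, "abcdefghijl"))   # 'k' dropped -> True
    print(accepts_dropped(pw, pw))              # nothing dropped -> False
    print(accepts_inserted(pw, "abcdefgh9ijkl"))
    print(server_checks(pw), sorted(accepted_drop_entries("aab")))
```

The check runs over every position rather than stopping at the first match, and each comparison goes through hmac.compare_digest, so response time does not reveal which letter was dropped. Note that repeated adjacent letters make two drop positions produce the same entry, so a password with runs of the same letter offers the user fewer distinct entries than its length suggests; accepted_drop_entries makes that visible at enrolment time.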
Because significant visual-encryption methods take more time to log in, their primary use may be at "personal bank-vaults" containing auto-logins that route around keyboard-sniffing via secure Internet trunklines, already fully encoded on leaving the "vault" server.
Other methods include a combination of e-mail, p-mail, telephone and fax, each carrying a whole sign-up password, which can then be simplified to one online using the entangler key-deletions or -insertions to specify the new one....
An extreme measure may include changing the password at each log-in by minorly adjusting one entry, one letter changed instead of dropped, costing the server 1/8th more (8 starting letters) and the sniffer ~24×12^12... as this password is never systematized (matrix-solvable) in one log-in session, and changing it 'early' moves it beyond, and tends also to reduce the sniffer's observance-persistence by relocations--allowing a potential 'escape route' of increasing securance.... [this will be updated till a significant -updater- solution is attained]....
I suggest: alter the Address bar to display on pages taking passwords--
A premise discovery under the title,