What is Shoulder Surfing?
Observing someone's screen or keyboard to steal passwords, PINs, or other sensitive information. It is one of the simplest and most effective attacks.
Shoulder surfing is low-tech, requires no tools, and is surprisingly effective.
Where It Happens
- ATMs (PIN observation)
- Coffee shops and coworking spaces
- Airports and public transit
- Conference rooms and offices
- Any public space where you use a device
What Attackers Observe
- Login credentials as you type them
- Financial information on screen
- Private messages and emails
- Unlock patterns or PINs
Protection
- Privacy screen protector: Makes the screen invisible from side angles
- Biometric authentication: No typing to observe
- Password manager + auto-fill: Credentials aren't visible during entry
- Awareness: Position yourself with your back to a wall
- Shield your PIN: Cover the keypad at ATMs
Related Terms
Operational Security
The practice of protecting sensitive information by thinking like an adversary to identify vulnerabilities in your own behavior and communications. OPSEC goes beyond technical tools to address human factors that could expose you.
Privacy Screen Protector
A physical screen filter that narrows the viewing angle of a display, preventing shoulder surfing and visual eavesdropping.