A library near me implemented self-checkout stations that use touch screens that make it easy to lose your password.
Those of you who’ve been around might remember I have written before about libraries and how I’ve found questionable security.
So how do you lose your password?
Lose Your Password
First of all, the devices have displays that are about 30 inches, with a giant keyboard shown on the screen. You scan the bar code on your library card and then enter your pin via the giant keyboard, which everyone standing next to you and behind you can see. There’s no line on the floor like at the bank or any “Please respect each other’s privacy” signs.
Second, the system is not a true touch-screen system. I’m not sure what it is, but when you touch the screen, a diamond appears, and the diamond has to be over the letter or button you want before it’s selected.
That’s irritating enough, but the calibration is off, so you have to touch the very bottom of the key/button so that the diamond is over the top of the key. As a result, I had to enter my pin 5 times before it registered.
I’ve watched many others struggle with this system, too, which means more opportunity for others to shoulder surf your password.
I talked to the librarian about this, and she said, “Even if someone gets your password, they won’t have your library card.”
Stop for a second and think about this. I see at least 2 problems with this, one more common than the other. To compromise your account, one person would need your library card, and another would not.
Hint: Think about the people you encounter at a library and don’t overlook the most obvious people. Give up?
2 Ways to Compromise my Library Account
I often visit the library with my family, usually my kids. Before this new system was installed, my kids didn’t know my pin. Since they’re usually urging me to hurry up, they are usually standing right next to me as I check out. Well, they know my pin now.
And they have access to my library card, which is usually in my purse. Just kidding, I mean my wallet.
Furthermore, my library prints my account number on the back of the card under the bar code, so now that my kids know my pin, they can fish my card out of my wallet and write down my account number while my wallet is lying around in the house.
Then they can go online with their iPhones in the privacy of their bedroom and log into my account.
The person who does not need my card or account number is the librarian. Now obviously, the librarian doesn’t need my pin to mess with my account, as she has admin access to the library system. The system would probably log anything she did with her admin account (maybe not), but the smart way to mess with me is to do it away from work.
Because she had to help me check out that first time, she knows my pin. She can then look me up in the system and get my account number, which will just look like she’s checking my account. And then away from work, she can log in as me and do whatever. Sure, it’s far-fetched, but possible.
If you had access to my library account online, what could you do? Review my reading history, or reserve, renew, or cancel items. Not much.
The risk of both of these scenarios is low, but you don’t know that until you think through it. Sure, I could change my pin after I go to the library each time or I could have the librarian check me out the old way, which only required my library card. But the tradeoff I’m making is convenience.
The funny thing is, when the library implemented the system, they stressed not only the convenience of checking your items out yourself, but also the privacy benefits of not having a librarian see what you’re checking out. Evidently, the privacy of each user’s pin wasn’t that important.
And as much as I don’t like my pin being exposed, it sure is more convenient to check myself out.
Besides, my kids know what I do for a living, and they know I’m paranoid, so they think I’ll catch them no matter what; also, the librarian is a good friend of mine. But I’ll still change my pin from time to time.
My previous library post: Always Attack the Lone Reed
Bruce Schneier’s Security Trade-offs
Other Security Scout Posts (see About for an explanation)