Key Genius is a product that leverages the Yubikey to provide a more secure platform for logging into websites. It recently won an award in the Yubiking competition, in partnership with Security Now. The site stores site-specific passwords in an encrypted database, and using a browser extension, replies to valid Yubikey passwords by automatically inserting the correct password for the site. Usernames are not stored by Key Genius at all, so it’s up to the user to supply them to the website in question. This is actually a good thing, as compromise of the Key Genius database cannot in of itself bely a user’s logon credentials. This is a neat product that not only enhances convenience, but does so in a secure manner.

Here’s the first sentence from the source document:

Using equipment costing about $80, researchers from Inverse Path were able to point a laser on the reflective surface of a laptop between 50 feet and 100 feet away and determine what letters were typed.

…read the rest

The gist of the article is that researchers were able to determine key sequences by analyzing the sound waves produced by each key as subjects type. The researchers have also managed to isolate EMI transferred through the power grid to identify keystrokes. Most folks need not worry about directed attacks of this nature, but if you’ve got a secret somebody wants badly, watch your back… and your windows.

Note: Thanks to _dilan for the link!