A team of researchers from the University of Cambridge used a programme called 'PIN Skimmer' and found that codes entered on soft keypad could be identified. The tests were carried out on the Google Nexus-S and the Galaxy S3 smartphones.

A news website says, the software watches your face via the camera and listens to clicks through the microphone as you type.

Researchers Prof Ross Anderson and Laurent Simon say that camera can be used maliciously and the microphone can be used to detect ‘touch-events’ as the users enter their PIN code.

Microphone can ‘hear’ the clicks that the phone makes as a user presses the virtual number keys, the report said.

When the authors tried to work out four-digit PINs, the programme was successful over 50 percent of the time after five attempts. With eight-digit PINs, the success rate was 60 percent after 10 attempts.

The researchers said that to prevent a PIN from being identified is to use a longer number.

Hence to get rid of passwords leakage, the researchers recommended using fingerprints or face recognition as more drastic solution.