A Thought on Keystroke Logging

By Deane Barker on November 9, 2005

Is using the mouse more secure than using the keyboard? I ask solely because of keystroke loggers.

Consider that if someone is just monitoring a stream of data from your machine, then using the keyboard gives them context. For instance, if I type the URL of my bank in my browser, then login, a stream of keystrokes would reveal this:

www.mybank.comdeane_barker[tab]my_password

That’s pretty significant data if someone is monitoring you. But if you use a bookmark to access your bank, then there’s no URL in the keystroke data, and thus no context to the username and password. This is better, right?

For that matter, do browsers that store your username and password make you more secure? Bottom line: does anything that prevents you from having to type stuff onto your keyword make you more secure? Have bookmarks and saved usernames and passwords narrowed the security hole of keystroke logging?

No definitive answer here. I’m looking for opinions.

Gadgetopia
What Links Here

Comments

  1. ING Direct seems to think so – logging into my ING savings account now presents me with a virtual keypad with 10 digit images (0-9) and a random letter printed on each digit. I have to enter my PIN by clicking on the digits, or by typing the corresponding letters on each digit (which change every time, so it’s not repeatable). It’s a bit more of a hassle, but seems like a good idea.

  2. My question is if OSK is susceptible to key loggers. My intuition says no, since it is mouse driven, but I keep thinking about the fact that it is still sending the signal to the OS.

    Anyone have more of a clue about this?

  3. I t should be remembered that keylogging can happen on many different levels for exapple u could have a physical dongle attached to ur keyboard wiht memory in it.(thye exist check ur cable at work if u haven’t just to be shure). From a software standpoint it could fall in many areas such as an irupt routine for the keyboard to something that hypothetically differentiates between text and binary info going into programs. For net purposes u could even have something like a packet sniffer that sorts out get and put type info from ur browser. So t make a long story short would depend on the specifics of the keylogging software/hardware.

  4. It is traceble by loggers but requirs two things to work. First, they must know what page you are on. Secondly, it records the x and y value. The only problem is that they have to get the same picture and it takes time to code. Most script kiddies wont waste their time. Why waste your timeon that when you still have people putting their tax statements with all their data on the internet and getting identitfy theft off a 13 year old kid that does a search in kazaa :)

  5. Not so much a comment, but a question this raises; a few of the bits of software I’ve installed cause a firewall alert. For example: Yahoo… is trying to monitor keyboard and mouse movements. Why?? I’ve opted to dis-allow this behavior and the chat program still works fine.

Comments are closed. If you have something you really want to say, email editors@gadgetopia.com and we‘ll get it added for you.