Defeating Keystroke Logging

By Deane Barker on November 23, 2006

We’ve talked a bit about keyloggers before, which can be a brutally effective way to capture passwords (see this post, this post, or this post).

But there’s a completely simple way to defeat them, based on the fact that a keylogger doesn’t know where on the page the focus is when you’re typing — it has no context, it just has what is typed.

So, next time you log in from a public internet terminal, or anywhere else you want to make sure your keystrokes aren’t being logged, do this:

Put the focus on the password field, and type one character. Then click somewhere else on the page — open Notepad if you have to — and type a bunch of random characters. Then, click back in the password field, and type another character. Repeat until your password is complete.

Extremely simple, extremely effective. Without the context of where the focus was when you were typing, the resulting string of characters is useless.
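To put a number on "useless", here is an added example (not from the original post or the report it cites) that models the log as a flat string of key characters, which is the post's stated assumption about what the logger holds, and counts how many ordered selections of that string could be the password. The function names, the noise alphabet and the sample password are constructed for illustration.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # noise alphabet (assumption)


def interleave(password, noise_len=8, rand=secrets.choice):
    """Return (stream, positions): the flat key sequence a context-free
    logger would hold, and the indexes where real password characters sit."""
    stream, positions = [], []
    for ch in password:
        positions.append(len(stream))
        stream.append(ch)  # typed with focus on the password field
        # typed with focus somewhere else (Notepad, the page body, ...)
        stream.extend(rand(ALPHABET) for _ in range(noise_len))
    return "".join(stream), positions


def count_embeddings(stream, candidate):
    """Count the position sets at which candidate occurs, in order, inside
    stream. More than one means noise happened to duplicate the password."""
    ways = [1] + [0] * len(candidate)
    for ch in stream:
        # walk backwards so each stream character is used at most once
        for j in range(len(candidate), 0, -1):
            if candidate[j - 1] == ch:
                ways[j] += ways[j - 1]
    return ways[-1]


def candidate_space(stream_len, password_len):
    """Upper bound on the strings the log is consistent with when only the
    password length is known: ordered selections of that many characters."""
    return math.comb(stream_len, password_len)


if __name__ == "__main__":
    password = "hunter2"  # constructed sample, not a real credential
    stream, positions = interleave(password)
    print("logged stream :", stream)
    print("real positions:", positions)
    print("embeddings    :", count_embeddings(stream, password))
    print("candidates    :", candidate_space(len(stream), len(password)))
```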

From this report at Alta Vista Security Group. Via Metafilter.
