Tuesday, July 04, 2006

Security: Beating Keyboard Loggers

Public Internet kiosks have been known to have keyboard loggers installed on them. These loggers are used to capture the passwords you enter to access different secure sites. The problem is there's not an easy way to detect if a system has a logger installed on it.

There are two types of keyboard loggers, software or hardware based. The hardware based ones are the hardest to detect, because they can be hidden inside the keyboard itself.

There is one trick that you can use to help protect your password. What you need to do is add extra characters to the passwords you type. Then highlight the extra characters you added, and delete them before you press a button to submit the password. This can prevent your password from being properly recorded.

Note: beware of copying your password to the clipboard, some keyboard loggers can capture this information.

Here is an example:

This is the real password without the extra characters:
  • P@ssW0rd
Here is the password with extra characters added. Highlight and delete the extra characters:
  • P1@2s3s4W506r8d9

No comments: