28 January, 2011

Keeping your passwords safe from keyloggers

Keyloggers are programs or hardware devices that record what you type on your keyboard. A typical recording might be:
www.facebook.comemail@example.comabc123
From this example it's easy to see that the person's password is abc123. Some keyloggers record mouse clicks as well, which makes it easier to see what's going on. Here, each click moves the entry to a new line:
www.facebook.com
email@example.com
abc123

A solution might be to use an on-screen keyboard, since although the program records clicks, it doesn't record where you click. Westpac bank uses this. However, I've heard that on-screen keyboards are seen as a real keyboard by the OS, so their keystrokes are also picked up by keyloggers.

This is a simple method I use to outsmart keyloggers: while typing your password, especially before and after, click randomly on the screen and type random characters. If you click outside the password box, these characters aren't entered, but the keylogger has no way of telling which characters are typed into the box and which are not. This is what a keylogger might pick up when this method is used:
www.facebook.com
email@example.com
kjfd
wiu
45js
jt4
ab
lks
ckjl4
jls
c1
lks
23
lkj
r4
In this case, the keylogger has no way of telling that "ab", "c1" and "23" are the real password, while the rest are nonsense.

Notes and limitations
Remember to start and end with random characters, otherwise the beginning and ending of your password will be known.
Keep the number of characters between clicks consistent, e.g. 2-3 characters. If you type a combination of long and short strings, the short strings are more likely to be your password.
This method can still be foiled by long-term observation of your strings and seeing which ones crop up most often. You might be able to get around this by typing the same thing every time.
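The following is an added example, not code from the original post. It simulates the click-splitting method described above and the long-term-observation limitation in the last note. The event model (a click is recorded as inside or outside the password box, followed by a run of keystrokes) and the three constructed sessions are assumptions made for the illustration; the first session reproduces the sequence shown in the post.

```python
# Added example: a toy model of what a click-aware keylogger sees versus
# what the password box actually receives. Event model is constructed for
# this illustration: ("click", in_box) then ("type", text) for each run.

def build_events(runs):
    """runs: list of (text, in_box). Each run is one click followed by typing."""
    events = []
    for text, in_box in runs:
        events.append(("click", in_box))
        events.append(("type", text))
    return events

def keylogger_view(events):
    """What the keylogger records: keystrokes, split into a new line at
    every click, with no knowledge of where the click landed."""
    lines, current = [], ""
    for kind, value in events:
        if kind == "click":
            if current:
                lines.append(current)
            current = ""
        else:
            current += value
    if current:
        lines.append(current)
    return lines

def field_contents(events):
    """What the password box actually receives: only keystrokes typed while
    the most recent click was inside the box."""
    focused, text = False, ""
    for kind, value in events:
        if kind == "click":
            focused = value
        elif focused:
            text += value
    return text

def chunks_seen_every_session(logs):
    """The post's own caveat: over many logins the real chunks recur while the
    junk varies. Returns the chunks present in every recorded session, in the
    order they appear in the first one."""
    common = set(logs[0])
    for log in logs[1:]:
        common &= set(log)
    return [chunk for chunk in logs[0] if chunk in common]

# Constructed session 1: the exact sequence shown in the post.
POST_EVENTS = build_events([
    ("kjfd", False), ("wiu", False), ("45js", False), ("jt4", False),
    ("ab", True), ("lks", False), ("ckjl4", False), ("jls", False),
    ("c1", True), ("lks", False), ("23", True), ("lkj", False), ("r4", False),
])

# Constructed sessions 2 and 3: same password, different junk each time.
SESSIONS = [
    keylogger_view(POST_EVENTS),
    keylogger_view(build_events([
        ("qw", False), ("zxc", False), ("ab", True), ("po", False),
        ("c1", True), ("mn", False), ("23", True), ("vb", False),
    ])),
    keylogger_view(build_events([
        ("ty", False), ("ab", True), ("hg", False), ("fd", False),
        ("c1", True), ("sa", False), ("23", True), ("re", False), ("ui", False),
    ])),
]

if __name__ == "__main__":
    print("keylogger sees:", keylogger_view(POST_EVENTS))
    print("box receives:  ", field_contents(POST_EVENTS))
    print("recurring across sessions:", chunks_seen_every_session(SESSIONS))
```

Running it shows that a single log gives the keylogger only the split strings from the post with no way to tell "ab", "c1" and "23" apart from the junk, while intersecting three sessions' logs immediately isolates exactly those three chunks, which is the limitation the last note warns about.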
