PDA

View Full Version : defeating key loggers ?


davidh
April 6th, 2007, 12:06 PM
Apparently bad guys are having increased success putting key loggers on public computers, to steal from brokerage and bank accounts.

When entering ID and password, enter only one or two characters in a field at a time and then use the mouse to move to the other field. Key loggers that do not monitor mouse movements would then see scrambled numbers instead of the real ID and PW.

Of course this is not foolproof. Just an additional precaution.

I wonder if there are cell phones equipped with telephoto lenses or hi-res imaging so that code thieves could make short video clips of people keying in credit card numbers on public phones. To play back later at their leisure to reconstruct the numbers from the finger movements.

David H

earler
April 6th, 2007, 01:18 PM
One way of ensuring that nothing like that could happen is to shield the keyboard with one hand when you punch the keys. I do that when I withdraw money from an atm.

davidh
April 6th, 2007, 03:00 PM
One way of ensuring that nothing like that could happen is to shield the keyboard with one hand when you punch the keys. I do that when I withdraw money from an atm.

That should help. To make it more secure, one would probably have to rest the heel of the typing hand so that only the fingers move *and* also maybe use three fingers instead of one to punch the numbers. Otherwise, if the whole arm moved, the relative sequential positions of the forearm could give away the numbers punched if one had a video of the whole authentication session.

DH

earler
April 6th, 2007, 05:25 PM
Yes, that is also not a bad idea. In fact, my right hand is under the left one and doesn't move. Only the fingers. As it happens, my code here is 1 digit followed by the same 3 digits, which makes the manoeuver easy.