Re: What can one do against Keylogger Attacks?
From: Tim Smith (reply_in_group_at_mouse-potato.com)
Date: Wed, 22 Jun 2005 05:00:21 GMT
In article <200506201303.j5KD3cMF003123@marco.aarg.net>,
Yoy G0 <email@example.com> wrote:
> If I need 100% protection against possible keylogger virus attack, so
> that noe one would be able to steal user's password / passphrase,
> what can I do?
If you control the software that is asking for the password, make it so
that it presents a random string, and the user turns that into the
password by using up and down arrow on each letter to change it to the
right letter. Basically the same way you enter a name into the high
score list on many classic arcade games.
Or don't use the keyboard--use the mouse instead. Put up a grid showing
all the allowed letters and other characters that can be in a password,
and have the user click them to enter them. If the grid is random,
someone monitoring mouse clicks gets very little information (they can
recognize duplicate letters).
Note you could use the arrow keys on the keyboard to navigate such a
grid, too, if you don't want to require a mouse.
-- --Tim Smith