Re: Keylogger resistance

I think the post of giorgio.tani says it all:
"you should secure your system at a lower level, not allowing to an
attacker to install and execute arbitrary code on your machine, or
otherwise any security assumption can be broken."

If you can't be sure of the machine you're using to enter some
information (because you are a poor admin or enjoy Internet cafés or
friends computers), just consider the information you enter can be
monitored, logged and *stolen*.

In the case of keyloggers and passwords a solution is to use two
factors authentication: harware tokens for instance. This is why the
trend is that more and more banks today rely on two factors
authentication for their client access or wish they would.

Kind regards
Ludovic Joly


Relevant Pages

  • Re: Signatures and encryption headers
    ... breached when an attacker can modify the message received? ... But I see how the lack of authentication can cause the receiver to act ... not for the iv or other encryption ... A create a payload, S signs it with public key crypto (most likely ...
  • Re: Migrating to a newer version of FreeBSD
    ... So I hastily installed a radius server, ... > sendmail and qpopper on it. ... > cannot seem to just download newer ports and install them. ... > authentication working on that one quickly and easily. ...
  • Re: MOSS2007/WSS 3.0 Installation/Configuration Problems
    ... At work the WSS v3 worked without issue. ... Authentication ... Is there some way to figure out if the ASP.NET membership is the cause ... try a clean install this afternoon. ...
  • new authentication protocol, possible SRP alternative
    ... I've been studying authentication protocols lately and am interested ... I've designed a protocol that appears to me to provide the same ... Bob stores: ... An attacker who discovers K should ...
  • Re: enc and auth scheme with tiny cryptograms
    ... - unidirectional message exchange between two peers ... receiver maintain state associated with this connection? ... required and how the receiver handles authentication failures. ... Therefore, an attacker would have ...