Are you logging into a computer you don’t really trust? Don’t know what 2FA is or too lazy to set it up? Here’s a simple (but by no means bulletproof) way to bamboozle basic key-loggers which might try to steal your password:
Don’t just type your password as you normally would. Instead, use a combination of keystrokes and mouse clicks to get your password in there in a ‘roundabout’ way. This works best against physical key-logging devices – small gadgets plugged into the end of (or sometimes into) the keyboard. This could easily happen at an internet cafe, so be warned.
Example 1: The backtrack
A simple one – if your password is “fubar”, type “ubar” then click the beginning of the text field (don’t use the keys to move the cursor) and type “f”. To a physical key-logger, your password will look like ‘ubarf’.
Example 2: Lightly seasoned
This one is useful if your password is short and you’re too lazy to think up a good one, but then, you’re kinda asking for trouble 🙂. Type your little password followed by a bunch of random characters, then use the mouse to select those nonsense characters, right-click and ‘cut’ the nonsense off the end of your password. In cryptography speak, this is referred to as a ‘salt’.
Example 3: Clickety click
Most Windows installations have an ‘on-screen keyboard’ app (just hit the Windows Key, then type ‘on’ to find it). Use a combination of the physical keyboard and the on-screen keyboard to enter your password. Neither physical key-loggers nor malicious screen capture software alone will be able to determine what you’ve typed in. Combine this technique with examples 1 and 2 for even better security.
Example 4: Give it a pasting
Yet another trick you could employ is to open up notepad, type some random characters, then a couple of characters from your password, followed by some more nonsense characters. Then, use the mouse to select just the useful characters from your password, right-click and copy them. Now close notepad and make sure you DO NOT save the document anywhere. Next, go to the password field you are logging into and type your password, without the characters you copied before. Then, click into the text field where you need to add those characters, right-click and paste them in.
The take-away?
Be especially wary of public computers and assume that someone is always watching you type and you’ll develop a better sense of how to stay secure online. Also, research has shown that what you type can be determined (with above 90% accuracy) just from analyzing the sound of your keyboard! I’ve developed a free app to deal with this, called Key Cover.
All in all, you should really set up 2-Factor Authentication (2FA) where you can. Better yet, use these tricks along with 2FA for optimal security.
And, if all this is too much for you, just let me know which charity you’d like all your savings transferred to 🙂