a dumb question: on-screen keyboard...

  • Thread starter Thread starter David
  • Start date Start date
D

David

would using an onscreen keyboard to type in passwords when on a wifi
hotspot avoid capture by keylogging programs? reason i ask, i was just
reading a Norton email about password security and they mentioned that
one shouldn't log in to a bank site when on those hotspots due to
possible key loggers.

Dave
 
oh, and my ING account sign in page has an onscreen keypad for entering
log in info, ostensibly to avoid keyloggers, I believe...

Dave
 
Keyloggers run on individual machines, not on entire hotspots. The session
between a workstation and the bank's web server is protected with SSL. So if
someone were sniffing traffic from the hotspot, your password would be
protected. However, if you were using some kiosk computer (rather than your
own), then it is possible that keylogging software on that machine could
intercept your password before it gets passed to the SSL encryption. I never
worry about hotspots, because I always use only my own laptop. I do, though,
worry a bit about kiosks.

Onscreen keyboards really don't help here. Sure, they can thwart keyloggers,
but what about screen recorders? What about rootkits or trojans (again,
installed on a kiosk) that can hijack a session after login happens? Public
machines simply present too many risks.
 
Steve said:
Keyloggers run on individual machines, not on entire hotspots. The
session between a workstation and the bank's web server is protected
with SSL. So if someone were sniffing traffic from the hotspot, your
password would be protected. However, if you were using some kiosk
computer (rather than your own), then it is possible that keylogging
software on that machine could intercept your password before it gets
passed to the SSL encryption. I never worry about hotspots, because I
always use only my own laptop. I do, though, worry a bit about kiosks.

Onscreen keyboards really don't help here. Sure, they can thwart
keyloggers, but what about screen recorders? What about rootkits or
trojans (again, installed on a kiosk) that can hijack a session after
login happens? Public machines simply present too many risks.
Click to expand...
thanks for the info, Steve! very helpful!

Dave
 
Back
Top