defeating keyloggers easily

Discussion in 'privacy general' started by danielspencer2, Jun 2, 2010.

Thread Status:
Not open for further replies.
  1. danielspencer2

    danielspencer2 Registered Member

    Joined:
    Jun 3, 2009
    Posts:
    40
    if i had a password requirement where for users to log into my website they need to click on 3 correct TEXT names to login, will that defeat keyloggers? For example, there could be 5 TEXT names like this:

    DOG
    CAT
    BIRD
    MOUSE
    HORSE

    The password could be users having to click on the TEXT name of Dog,Cat, and Bird to login.

    Will this defeat keyloggers as users are using their mouse to click on the TEXT names?
     
  2. hugsy

    hugsy Registered Member

    Joined:
    May 22, 2010
    Posts:
    167
    Maybe the basic key logger, but if there is a click logger, then no. Plus only five options is a bit short, hacker would then have 20% chance of guessing the password in first try.

    I guess it would defeat key,click,clipboard-loggers if it was something like this (bare with me :)
    -on one side of the page there would be pet_names and random number generated next to it
    -on the other side of the page, there would be those numbers from the left and a check box next to every one of them.
    -so if my combination was "bird, mouse, horse", and some randomly generated numbers would be "22, 14, 9"; I would then check these numbers on the right an log-in button. This way, no keyboard logger would detect us, since nothing was typed, nothing in the clipboard, and click logger wouldn't know what are the "names" since the numbers are randomly generated every time and are far away from the check box.

    This help, let me know.
     
    Last edited: Jun 4, 2010
  3. katio

    katio Guest

    Some key loggers also take screencaps, if an attacker has access to a system there's no way to really hide something. The only way around this is something like a one-time password. Implementing it is hardly what you'd call "easily" though.
     
Thread Status:
Not open for further replies.