a dumb question: on-screen keyboard...

D

David

would using an onscreen keyboard to type in passwords when on a wifi
hotspot avoid capture by keylogging programs? reason i ask, i was just
reading a Norton email about password security and they mentioned that
one shouldn't log in to a bank site when on those hotspots due to
possible key loggers.

Dave
 
D

David

oh, and my ING account sign in page has an onscreen keypad for entering
log in info, ostensibly to avoid keyloggers, I believe...

Dave
 
S

Steve Riley [MSFT]

Keyloggers run on individual machines, not on entire hotspots. The session
between a workstation and the bank's web server is protected with SSL. So if
someone were sniffing traffic from the hotspot, your password would be
protected. However, if you were using some kiosk computer (rather than your
own), then it is possible that keylogging software on that machine could
intercept your password before it gets passed to the SSL encryption. I never
worry about hotspots, because I always use only my own laptop. I do, though,
worry a bit about kiosks.

Onscreen keyboards really don't help here. Sure, they can thwart keyloggers,
but what about screen recorders? What about rootkits or trojans (again,
installed on a kiosk) that can hijack a session after login happens? Public
machines simply present too many risks.
 
D

David

Steve said:
Keyloggers run on individual machines, not on entire hotspots. The
session between a workstation and the bank's web server is protected
with SSL. So if someone were sniffing traffic from the hotspot, your
password would be protected. However, if you were using some kiosk
computer (rather than your own), then it is possible that keylogging
software on that machine could intercept your password before it gets
passed to the SSL encryption. I never worry about hotspots, because I
always use only my own laptop. I do, though, worry a bit about kiosks.

Onscreen keyboards really don't help here. Sure, they can thwart
keyloggers, but what about screen recorders? What about rootkits or
trojans (again, installed on a kiosk) that can hijack a session after
login happens? Public machines simply present too many risks.
Click to expand...
thanks for the info, Steve! very helpful!

Dave
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Cannot connect to Exchange webmail via Orange 3G PCMCIA card 4
Interesting Password Manager - Secure Shielded Password Keys Manager 2
tablet pc log in- on screen keyboard displaying passwords to the w 1
-Keyboard Problems- 6
Lost keyboard support in XP SP2 3
Logon screen: An on screen keyboard to type in my password 3
Internet Security measures in XP/SP3 5
Windows 10 Windows 10 Fall Creators Update 15

Top