How to Protect Your Passwords on Public & Private Computers

Have you ever used a friend’s computer or a public computer in a library, cafe, or school?

There is no way of knowing if a public computer is safe or if it is running a keylogger, malware designed to capture everything typed into your keyboard. Entering your login username and password on one website can compromise a lot more than just one account. Credit cards, bank accounts, and your social security number can be exposed, leaving you vulnerable to identity theft.

Unlike phishing, which more alert computer users can avoid, a keylogger is undetectable (it doesn’t even appear in your Task Manager) and anyone – even sophisticated users – can fall victim to keylogging.

When signing in to a personal email account on a public computer, the user’s website is not likely to be saved in Favorites or Bookmarked, so the string of keys logged by the keylogger malware usually contains a URL followed by a username and password:

yahoo.comsusierogers321checkers99

The string above tells the logger that susierogers321 @ yahoo.com has the password checkers99.







What to Do on a Public Computer

First, the safest thing to assume is that there is a keylogger on any computer available for public use. Keep in mind: the only surefire way to keep your information private in public is to avoid logging in to any critical accounts (your email address, financial accounts, etc.) on a public computer.

It almost seems impossible to conceal the login information in the example above from a basic keylogger. How can any input be hidden if the keylogger sees everything? Simple: hide it in plain sight. Use random keys that will be seen by the keylogger but won’t affect normal login.

A keylogger sees everything but it doesn’t understand what it sees, just like your web browser sees everything but it only uses the text that is input in website form fields or the browser address bar.

When entering your password on a public computer, type the first letter of your password in the password box. Then click away from the password box (in the login screen sample image shown, you would click on the blue part of the screen above) and type a few random keys (for example, wyxfs). You won’t see anything but the keylogger will. Then click back into the password box and type the next letter of your password. Click away from the password box again (the blue section) and type more random keys (for example, hwoal), then repeat this process with other random keys between real password letter entries until your password is complete. This is what a basic keylogger will see when modifying the original example above:

yahoo.comsusierogers321cwyxfshhwoalejrudkcajfurkhejcienfysmkrsnchtsieoal912049a74j

Your password, checkers99, has been camouflaged between numerous random characters rendering the basic keylogger almost entirely ineffective:

yahoo.comsusierogers321cwyxfshhwoalejrudkcajfurkhejcienfysmkrsnchtsieoal912049a74j

This method is not 100% foolproof but it is a lot smarter and safer than entering your login information on a public computer as you normally would enter it on a secure computer at home. Advanced keyloggers can record screen captures at every keystroke and mouse click, which will expose your password even using this trick.

Some financial institutions use on-screen keyboards that require the user to click virtual keyboard keys with the pointer on the screen instead of typing into the physical keyboard. This helps protect against basic keyloggers but this does not protect you against screenlogger screen captures with this method either.







At Risk Even At Home

Just because you’re on your home PC with antivirus protection doesn’t mean you’re protected against keylogger and screen capture malware.  If you visit the wrong website, click on the wrong link or download a corrupted file, you’ve got company:

  • Keyloggers record everything you type by monitoring the keyboard, capturing private conversations and passwords used for shopping, banking and email.
  • Screenloggers take a snapshot of the screen at your most vulnerable moments, like when you are plugging in sensitive data such as bank account information with an on-screen virtual keyboard or logging into a seemingly secure website with SSL encryption.
  • Webcam loggers take real-time snapshots of whatever your webcam sees - that includes you - and some webcam loggers can switch on your webcam to spy on you without triggering the “on” light.
  • Clipboard loggers can get around most security software to spy on your clipboard, potentially stealing usernames, passwords, credit card numbers, and other private information you normally cut, copy and paste.
  • Malware can also target your registry, your physical memory (RAM), and other sensitive areas so it can inject malicious code and seize control of your PC.

The only protection against these threats is offered by our new PerfectGuard multi-antilogger software, which provides the essential protection most antivirus programs can’t and don’t provide. Use PerfectGuard to patch the holes left by traditional security software. PerfecGuard is compatible with most antivirus programs.







Related posts:

Category: PC ProtectionPerfectGuardTips

Tags:

2 comments

  1. I would guess that a number of keyloggers have by now looked at PerfectGuard and figured a work-around. The criminal punishment for this type of crime should be more than just a slap on the wrist.

Leave a Reply