| By Scott Dunn |
Dozens of readers responded to my Sept. 10 Top Story, many of them proposing alternative ways to evade keyloggers other than the “revised Vesik method” I described.
No method can make you completely safe when using a public computer, so you must balance convenience with the level of risk that’s acceptable to you.
The Clipboard’s no safer than the keyboard
The revised Vesik method involves typing nonsense characters into a password input box when using a public PC and then rearranging some of the letters to form your actual password with the mouse. If the PC contains a hardware keylogger or is infected with a software keylogger, rearranging a password in this way will usually suffice to obscure your credentials. Most hackers will concentrate on the 99% of users who type in their passwords at Internet cafés in the usual way.
One proposal sent in by many, many, many readers was a variation on a single theme. Namely, keep your sign-in information on a USB flash drive or memory stick, then copy and paste the info into the appropriate fields when you’re required to use a public PC or other unsecured computer.
Unfortunately, many keyloggers capture any information you place into the Windows Clipboard. I tested the copy-and-paste technique using the All In One Keylogger from RelyTec. (For more info, see the vendor’s site.) The program easily captured the sign-in IDs and passwords entered, whether I used the standard menu options (Edit, Copy and Edit, Paste) or the keyboard shortcuts Ctrl+C and Ctrl+V.
In my tests, the All In One Keylogger wasn’t able to capture the information when I performed a copy-paste operation using a context (right-click) menu. But that’s not much to rest one’s hopes on. Other keyloggers do succeed at capturing data copied via context-menu options.