Protect your password in a cyber cafe and on public computers

[Dude111]

Sometime you must have gone to a cyber cafe or used public computers to access the internet or mail.

Public computers are most prone to password hacking. Anyone can simply install a keylogger software to hack your password. Keylogging is one of the most insidious threats to a users personal information. Passwords,credit card numbers,etc.

It is very easy for the keylogger to harvest passwords. Each and every keystroke (whatever you type on the keyboard) gets recorded in the keylogger software and the person installing it can easily view what you have typed in.

For example,if you go to hotmail.com and check your mails. Say your ID is [email protected] and password is snoopy2,the keylogger software records your usename and password in its log file as

[email protected]

Risky isnt it???!!!

Theres a solution to this problem and you can easily fool the software!!

The keylogger software sees and records everything,but it doesnt understand what it sees,it does not know what to do with keys that are typed anywhere other than the password or user name fields.

So between successive keys of the password if you enter random keys,the keylogger software wont ever come to know where you typed in what..

In the process of recording the keys,the string that the keylogger receives will contain the password,but embedded in so much random junk that discovering it is infeasible.

So...

1. Go to hotmail.com or yahoo.com or any other site where you need to insert a password or PIN.

2. Type in your user ID.

3. Type in the first characterof the password.

4. Click on the address bar in the browser,type in some random charachters.

5. Again go to password field and type in the second character of the password and probably third too.

6. Again go to the address bar and type in a few more random characters.

7. Back to the password field and the next characters of the password.

Keep on repeating the process till you type in the full password in the password field.

Instead of the password snoopy2,the keylogger now gets:
www.hotmail.comspqmlainsdgsosdgfsodgfdpuouuyhdg2

Heres a total of 26 random characters have been inserted among the 7 characters of the actual password!!!

No doubt it takes a little bit of more time than the usual process,but you are safe and secure that way!!!

[HAN]

The only problem is that if the keylogger on the PC also takes screen shots, you're sunk.

With all due respect, it is never safe to use a public PC to log into any site that requires a user name or password...

[Dude111]

No i guess your right!

[jerryctx]

I would never use a public computer to log on to my (for example) bank. However, I can imagine a situation when I needed mail access enough to risk it. Dude111's technique is worth a try. Even it there is a keylogger and it records screen shots I suspect most hackers wouldn't take the time to figure out what it meant. Much easier to move on to all the users who logged on in the clear.

Security is never perfect. Weigh the risk against the value of that which we wish to protect.

And change your password when you get to a (relatively) secure computer.

[Dude111]

Most of them probably wouldnt think that someone would try this anyway i dont think....

[barlios]

What is your opinion on http://kyps.net, a service that ensures that you can login without revealing the password?

[jerryctx]

I don't see any flaws in the procedure that might reveal passwords to key loggers.

The question is "Do you trust KYPS?".

[HAN]

The question is "Do you trust KYPS?

I think you know my answer...

[Dude111]

I think you know mine also!!

[jerryctx]

Usually I wouldn't trust a web site, even those I recognize (if we can't trust Microsoft, and they have disclosed user info, who can we trust?).

However, this site appears to be associated with several distinguished researchers in computer science, including Andreas Pashalidis of the University of Essex, UK. If forced to use a public computer I might use KYPS. But I would still change my password ASAP.

[puterfixer]

This basic "fool the keylogger" technique may have worked 15 years ago. Since then, keyloggers now save the window name in addition to the keys typed in, and they also monitor the clipboard. Some take screenshots, or record everything in such a manner that what you were doing can be played back.

Avoid public computers at all costs, even friends' computers. Some people don't realize how valuable their e-mail account is until it gets raided.