On-Screen Keyboard - is it fully safe?

[eagercyber]

Hi,

On-Screen Keyboard - is it fully safe wrt keylogger threats? In a safety tip, it was suggested that needs to be used wrt online banking if we have to do in public place like web-browsing center . Please advise.

 

[Sparsh007]

Some keyloggers are known to take screenshots too
but that most probably wont be very frequent(Ie the time gap between each screenshot would be large)So you have to click the keys fast
Also wat you can do is
First write the First part of yr account number/ID/Password and then the last part and then the middle part
The above in any order
like last middle first
middle last first and so on
This will fool the keylogger
For example if your password is thinkdigit
then first write

thin[]igit
and in between put a kd without the [] ofcourse

 

[ring_wraith]

errr.. not really. A human reading the log file will probably figure it out.

The On-screen keyboard works great. Anything beyond that is paranoia.

 

[joey_182]

whenever u login other than ur computer just do mistakes of typing...
ya dont type ur password in one go..i hav tested these with keyloger it just record wawt i press on keyboard..i mean it takes keyboard enteries given on specific areas...so doing mistakes in typing ll clear ur doubt of any risk..

 

[prem4u]

OnScreen keyboards are safer than hw keyboard...
Now some bank are providing virtual keyboard on their sites.
thats good...

 

[dheeraj_kumar]

Well, if you are talking about the on screen keyboard provided with windows, I'll say that even though it sounds very safe, for an experienced programmer, he can make a program which can record what keys you have clicked with the on screen keyboard too. I can at the moment think of two ways of doing this, and they are really easy to do too. So, I think that it is more safer than the keyloggers at present, although if a person knows what to look for, those on screen keyboards are as vulnerable as your physical keyboard.

 

[dhanusaud]

Well, if you are talking about the on screen keyboard provided with windows, I'll say that even though it sounds very safe, for an experienced programmer, he can make a program which can record what keys you have clicked with the on screen keyboard too. I can at the moment think of two ways of doing this, and they are really easy to do too. So, I think that it is more safer than the keyloggers at present, although if a person knows what to look for, those on screen keyboards are as vulnerable as your physical keyboard.

yeah pal,

software isn't compareable with hardware but i too don't gaurantee that we r safe while logging to our a/c with the help of screen keyboards bcoz generally keyloggers are coded for ascii (American Standard Code for Information Interchange) sensitive. i mean these software are able to detected the ascii code you have typed or press.

 

[dhanusaud]

some kl softies r 2 smart 2 figure this out ......

ax3...hv you ever noticed dat????
i mean kl softies..

 

[dheeraj_kumar]

the on screen keyboard provided with windows is extremely easy to bypass... just hook sendinput...

 

[Garbage]

If you want answer in one word, then NO!!! OSK is NOT safe from Keyloggers.

I've tried many keyloggers, and believe me, all of them logged keys of OSK.

 

[unni]

I remember reading about an utility which can take screen shots of areas were your mouse is pointing to. Obviously, it can read what you are trying to enter.

errr.. not really. A human reading the log file will probably figure it out.

The On-screen keyboard works great. Anything beyond that is paranoia.

I think atleast one bank (in India?) already gives some type of hardware device (SecurID?) for online banking.

 

[hullap]

Re: fag

OK..www.9n

reported

 

[paranj]

Its safe but not useful better u increase the habit and speed of ur normal typing

 

[dheeraj_kumar]

Dude even if he increases the speed of typing the keyloggers will log the key

 

[eagercyber]

Thanks for all the great pointers.

Yes, banks have started virtual keyboards . 1 extra-ordinary feature is that the position of each letter is dynamic. Each time I open the browser, 'a' is at a different position. Now the security is far higher.

How about the security of that? Can it be broken if the initial snapshot is taken for getting the position of each letter and later the click movements?

 

[dheeraj_kumar]

Of course, thats possible, but that would be slightly tougher... What I would do to get the password is, whenever you click the mouse, I record a screenshot. So I can see what you click. Quite possible. The same randomizing keyboard layout trick is used in a game called MapleStory to enter a pin number. There whenever you click a digit, the layout changes.

 

[prem4u]

There is nothing impossible....there is solution for every question ...

u create new safety technique ..cracker ll create new breaking technique...
this race ll never end

 

[dheeraj_kumar]

^^ yep true but yeah, engineering and reverse-engineering are meant to co exist.

 

[praka123]

well,smart ppl(banks too) should move away from windows.it is the most affected.
why not Linux