Protect your password in a cyber cafe and on public computers

[Dude111]

Sometime you must have gone to a cyber cafe or used public computers to access the internet or mail.

Public computers are most prone to password hacking. Anyone can simply install a keylogger software to hack your password. Keylogging is one of the most insidious threats to a users personal information. Passwords,credit card numbers,etc.

It is very easy for the keylogger to harvest passwords. Each and every keystroke (whatever you type on the keyboard) gets recorded in the keylogger software and the person installing it can easily view what you have typed in.

For example,if you go to hotmail.com and check your mails. Say your ID is aaabbbccc@hotmail.com and password is snoopy2,the keylogger software records your usename and password in its log file as

www.hotmail.comaaabbbccc@hotmail.comsnoopy2

Risky isnt it???!!!

Theres a solution to this problem and you can easily fool the software!!

The keylogger software sees and records everything,but it doesnt understand what it sees,it does not know what to do with keys that are typed anywhere other than the password or user name fields.

So between successive keys of the password if you enter random keys,the keylogger software wont ever come to know where you typed in what..

In the process of recording the keys,the string that the keylogger receives will contain the password,but embedded in so much random junk that discovering it is infeasible.

So...

1. Go to hotmail.com or yahoo.com or any other site where you need to insert a password or PIN.

2. Type in your user ID.

3. Type in the first character of the password.

4. Click on the address bar in the browser,type in some random characters.

5. Again go to password field and type in the second character of the password and probably third too.

6. Again go to the address bar and type in a few more random characters.

7. Back to the password field and the next characters of the password.

Keep on repeating the process till you type in the full password in the password field.

Instead of the password snoopy2,the keylogger now gets:
www.hotmail.comspqmlainsdgsosdgfsodgfdpuouuyhdg2

Heres a total of 26 random characters have been inserted among the 7 characters of the actual password!!!

No doubt it takes a little bit of more time than the usual process,but you are safe and secure that way!!!

[zing]

safer a securer that way good post

What if the cyber cafe anticipates this and has a random screen shot generator and the owner has a look sees the random letters and then seeing them and reading the keygen file you will be able to filter out the actual password

I was watching a security program that went into detail about some of these logging apps and they were concerned about how sophisticated these are. Lloyds for example use a user number password then a 3 character drop down menu to select 3 parts of your memorable date. They shown that certain keygens can tell the location on the screen of the type and could predict what character you were selecting. It all depends on what dodgy app is in place as to how safe your way really is

[Paul M]

Quote:

Originally Posted by zing

What if the cyber cafe anticipates this and has a random screen shot generator and the owner has a look sees the random letters and then seeing them and reading the keygen file you will be able to filter out the actual password

Not very likely really

It would be easier to just install a few webcams and film you as you type.

[zing]

why not if a moron like me can think of it lol a program like fraps could record the wholse session. Webcams could work also. Thing is I wouldnt trust a net cafe full stop as if they wanted your data they could get it

[Dude111]

Quote:

Originally Posted by zing

What if the cyber cafe anticipates this and has a random screen shot generator

Actually someone on another site brought this up...... (It would have to catch it at EXACTLY THE RIGHT SECOND)

[punky]

Funny you should post this...

There was an article on The Register from 'security expert' Bruce Schneier and 'usability expert' Jakob Nielsen that passwords shouldn't actually be marked at all. No, really...

http://www.theregister.co.uk/2009/06...rds_usability/

What utter rubbish from so-called experts. The comments (for once) on El Reg are actually pretty good.

[Rob M]

Barking.....

[zing]

give it a few years and we will all be logging into site using biometric information

[Dude111]

Ah man!!

[altis]

Quote:

Originally Posted by punky

<snip>...

What utter rubbish from so-called experts. The comments (for once) on El Reg are actually pretty good.

I have some sympathy for the view. It's particularly annoying on routers and the like where you are entering the password that is used by many other devices. If you forget what it is then there is nothing for it but to enter a new one and then go round changing all the others - quite a task on a large network.

---------- Post added at 16:45 ---------- Previous post was at 16:37 ----------

In many large organizations, such as the NHS, you have to put your Smartcard in a slot on the side of your keyboard before you can access any information.

http://en.wikipedia.org/wiki/Smart_card
http://www.gemalto.com/

[CrowmanUK]

Its a nice idea I suppose but there is software out there that will pull the username and passwords as you log in to any site or email, all it needs is to be connected to a network and it'll get the lot as I demonstrated to our lecturer at college.
Msn, email, webmail, and quite a bit more too.
Its very worrying when you have to wonder if that software is installed at a cybercafe that you go to, I certainly wouldnt put any login details into any machine that I wasnt certain was safe.