There are several ways to defeat a keylogger. I wanted to describe an easy way which does not need any software or cost you money. It is not a revolutionary or new but quite useful. Some of you may already be practicing the same.
Keyloggers and Trojans can steal you passwords, credit card details or important information while you type them on your system. We are sometimes bound to use third party systems or even our own systems may be compromised (of which we may not be aware of). So how do we defeat a keylogger?
The Method
Let’s assume your password is “savemefromkeyloggers”. So when you type the password you need to ensure that you type the above password in a different obfuscated scheme. I am explaining this through an example.
Step 1: Type “veme”
Step 2: Use your mouse pointer to bring the cursor just before “veme” and type “sa”. So what you see is “saveme” but the keylogger log would read as “vemesa”
Step 3: Use your mouse pointer to bring the cursor just after “saveme” and type “ggers”. So what you see is “savemeggers” but the keylogger log would read as “vemesaggers”
Step 4: Use your mouse pointer to bring cursor before “ggers” and type “fromkeylo”. So what you see is “savemefromkeyloggers” but the keylogger log would read as “vemesaggersfromkeylo”
Important Note: Do not use the “arrow keys” to move the cursor. Use the mouse to click at the right place so that the password key strokes are jumbled up and the keylogger owner would not be able to understand your real password.
So you can create your own method to jumble up/obfuscate your “credit card number”, “CSV”, “passwords” or anything that is critical. It is a good practice to always use the same pattern to obfuscate the same data since it would make it more difficult for anybody to decode the real password from a single sample of obfuscated password. It becomes easier to decode when there is a sample of several obfuscated forms of the same password.
Disclaimer: This method do not protect against the advanced crimeawares which use techniques like “Form Grabbing” etc. The good news is that most of the commonly available cheap keyloggers are not all equipped with the same.
Advertisement:
Good advice. I have been following it since Outland Security LLC published its tutorial on this back in January.
What is so new in this?
How do you get around the face that the 99% of password entry boxes show “****” when typing? Almost impossible to know what letters correspond to the *, especially how complex some systems require passwords to be. Does the aforementioned method work if you first use a text-editing program, then paste the password into the box?
Cool tip! Thanks for sharing
It does not protect you against malwares which are hooking themselves into windows API calls….
This can work depending upon the definition of “keylogger”. It would work great against say a USB device sitting on the keyboard cable capturing keystrokes. A number of sophisticated keyloggers and trojans trying to steal passwords will also do things like taking a screenshot every time there’s a mouseclick and sending it back with the key log. That way the bad guy can see where you’ve moved the mouse.
Finally, a “keylogger” trying to specifically subvert a browser may not be recording the keyboard at all, but what is packaged up and sent when you hit the “Submit” or “Login” button — if it’s that type of software, you’ve already unscrambled your scrambling for it before it even “sees” the password. The author refers to this in the disclaimer as “Form Grabbing” :-/
@karan shah, nothing about the post states that it’s new. It’s an easy way to defeat a “Keylogger”. ” It is not a revolutionary or new but quite useful.”
;D
Good post! We will be linking to this great content on our site.
Keep up the good writing.
If some one desires expert view concerning blogging after that i advise him/her to visit this web site, Keep up
the fastidious job.