We’d like to remind Forumites to please avoid political debate on the Forum.

This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.

📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
The Forum now has a brand new text editor, adding a bunch of handy features to use when creating posts. Read more in our how-to guide

Internet Banking: Protect against key loggers

Primrose
Primrose Posts: 10,721 Forumite
Part of the Furniture 10,000 Posts Name Dropper I've been Money Tipped!
in Savings & investments
Here's a tip to protect internet Banking users from "key loggers" and having their passwords hijacked.

If you have Windows XP, call up a picture of your keyboard screen. (This is a little known facility which exists in Windows XP). Then, instead of typing in your passwords using your real keyboard, use your mouse to click on the letters/numbers of your password from the "picture of the keyboard" shown on your screen. This will prevent any key logger from discovering your password. Here's how it's done:
Method One
  1. Select "Start" (bottom left corner of your screen)
  2. Select "All Programs" from the pop up box.
  3. Select "Accessories" from the next pop up list.
  4. Select "Accessability"
  5. Select "On Screen Keyboard". You can "Drag & Drop" the picture as a permanent short cut onto your desktop screen.
Method Two
  1. Select "Start"
  2. Select "Run" (bottom right hand column).
  3. In the pop up box which appears, type "OSK" (On Screen Keyboard). Press OK.
If you don't have Windows XP, you can still use this security device by downloading a free software program. Search for "On Screen Keyboard" in Google.
«13

Comments

  • Hadrian
    Hadrian Posts: 283 Forumite
    This advice was brought up some time ago, I think it was in Computeractive magazine. The recommendation was NO! as it's the 'Keylogging' (the actual depressing of the keyboard) that's transmitted to whosoever is 'listening'. Check this out with someone a bit more knowledgeable than I am before attempting this.
  • Browntrout_2
    Browntrout_2 Posts: 295 Forumite
    Part of the Furniture 100 Posts Combo Breaker
    Thanks Primrose, I had hoped anti-spyware would stop that but reading this possibly not all of them, I guess this should be a thread on the tech forum though!

    wikipedia suggested AutoFill on the browser also helps..

    http://en.wikipedia.org/wiki/Keystroke_logging
    If it takes a man a week to walk to walk a fortnight how long does it take a fly with tackity boots on to walk through a barrel of treacle?
  • Primrose
    Primrose Posts: 10,721 Forumite
    Part of the Furniture 10,000 Posts Name Dropper I've been Money Tipped!
    Was interested in Hadrian's comments as this tip was given to me by somebody who is very computer literate. As I'm a non-techie, can anybody please explain to me in very simple terms why this may not work, as I would have thought that if one wasn't depressing actual keys on a keyboard, it would be impossible to detect which letters were being used.
  • Money_Watch
    Money_Watch Posts: 71 Forumite
    I'm not 100% sure, but I suspect that keyloggers just look at what letters are being sent by the computer, regardless of whether it's come from a key click or from a mouse click on the screen.
  • skiddy2k
    skiddy2k Posts: 1,627 Forumite
    Using On-Screen-Keyboard will protect only from Hardware keyloggers... other than that, it doesn't help with many keyloggers... basically, (not going into too much depth and techy terms), everytime you type a key into the keyboard, its processed on your PC and sent to whatever program is active... (in my case at the moment, Firefox)... the keys I press on the keyboard are being sent to Firefox. A keylogger will intercept the keys I'm typing, log them and also allow Firefox to receive them.

    When you use OSK (because it isnt built to be a security tool and the developers didn't have keyloggers in mind when building it), it is simply built to aid less-abled people (or those without a working keyboard) and the keys you click on the OSK send the keys to whichever window is active (like typing a normal key)... when the OSK sends the keys to whichever window is active, it does this a similar way to when a key is typed into the keyboard, it will send the message to the active window, but will also be intercepted by the Keylogger again.

    ... My explanation isn't exactly how it works, but its just to give you the just of it... It is possible to bypass/detect keyloggers still, but OSK is not the way. Read the link which Browntrout posted for more information

    There are products on the market which claim to work like the OSK, but none of those I have used work.

    Try using a keylogging program if you don't believe me or want to try it out.:)
  • DocProc
    DocProc Posts: 855 Forumite
    Part of the Furniture 500 Posts Combo Breaker
    Does anyone on here use software on their Home PC to save Usernames and Passwords?

    If so, is it safe? Can you recommend it? Is it convenient to use?

    I've heard you can just go to the site you want to log on to on the software's list. Click on it, then hit 'U' and 'P' on the keyboard and you're done. ie, logged in.

    Is this kind of software OK? Obviously it's not for shared machines or Internet cafes but does anyone out there use it?
  • fwor
    fwor Posts: 6,953 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    I haven't used any software that works in quite the way that you describe, but the password manager that's built into Firefox works well on most (but not all) websites, and if you use a good master password/passphrase it should be quite secure (IIRC it uses the AES encryption standard).

    One thing that is surprising is the great variation from bank to bank on how well their login pages are designed to protect users from keyloggers. The worst example that springs to mind is Bradford & Bingley, which has no built-in protection - you just type your password into a field entitled "Password"!

    The best example that I've seen is ING direct, which requires you to use mouse clicks on a numeric keypad to enter your PIN number and memorable data - the good thing being that the layout of the keypad is randomised each time you visit the page, so that someone with bad intent cannot infer anything useful from the position on the page where you click the buttons.

    It would be good if those responsible for the regulation of online banking were to set minimum standards for all aspects of security at the customer interface, rather than letting each bank do it their own way...
  • tiptoe
    tiptoe Posts: 6 Forumite
    I use Password Corral (http://www.cygnusproductions.com) to store all security details and KeyScrambler (http://www.qfxsoftware.com) to encrypty data entered on secure pages.
  • maypole
    maypole Posts: 1,816 Forumite
    Part of the Furniture 1,000 Posts Combo Breaker
    fwor

    EEK! :eek: I have quite a bit of money in B&B! think I might put it elsewhere.
  • maypole
    maypole Posts: 1,816 Forumite
    Part of the Furniture 1,000 Posts Combo Breaker
    What is Sainsbury's bank online security like?
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 354K Banking & Borrowing
  • 254.3K Reduce Debt & Boost Income
  • 455.2K Spending & Discounts
  • 247K Work, Benefits & Business
  • 603.6K Mortgages, Homes & Bills
  • 178.3K Life & Family
  • 261.1K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 37.7K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.
Update Your Picture