Please help me keep safe when internet banking

superscaper

robt wrote: »

But if they just have to re-enter the correct password on the next page then the keylogger will record that too.

Not sure if we're miscommunicating, you enter the password in a different order to how it's written by placing the cursor at different points. E.g. suppose it's "PASSWORD". I type "WORD" then click at the beginning of that and type "PASS" so you have "PASSWORD" in the box but any keylogger would record that as "WORDPASS". Another method I've seen is to simply have a notepad open and keep typing gibberish into it and return to the password field. So keylogger would actually return "PANONSENSESSWOMORENONSENSERD". But you've ultimately got the right password entered, it's just that any keylogger won't have recorded your password completely in sequence.

robt_2

superscaper wrote: »

Not sure if we're miscommunicating, you enter the password in a different order to how it's written by placing the cursor at different points. E.g. suppose it's "PASSWORD". I type "WORD" then click at the beginning of that and type "PASS" so you have "PASSWORD" in the box but any keylogger would record that as "WORDPASS". Another method I've seen is to simply have a notepad open and keep typing gibberish into it and return to the password field. So keylogger would actually return "PANONSENSESSWOMORENONSENSERD". But you've ultimately got the right password entered, it's just that any keylogger won't have recorded your password completely in sequence.

Understand that, and yes it was miscommunication - I read Ms Chocaholic's post wrong to start with :)

superscaper

robt wrote: »

Understand that, and yes it was miscommunication - I read Ms Chocaholic's post wrong to start with :)

I thought so. You seem too smart not to understand these principles. At least hopefully my explanations will serve as a guide to others that still didn't understand it.

robt_2

superscaper wrote: »

I thought so. You seem too smart not to understand these principles. At least hopefully my explanations will serve as a guide to others that still didn't understand it.

It is funny how sometimes you can read something wrong and then go back again and again and still read it wrong.

I had to go away for a drink, come back and sitdown again before I read it correctly

BritBrat

robt wrote: »

It is funny how sometimes you can read something wrong and then go back again and again and still read it wrong.

I had to go away for a drink, come back and sitdown again before I read it correctly

That would be the lager that refreshes the brain

robt_2

BritBrat wrote: »

That would be the lager that refreshes the brain

What is it that they say makes you blind lol

Lakeuk

You can store the passwords encrypted with something like the free Keepass (not used it myself for bank details but others have)

http://portableapps.com/apps/utilities/keepass_portable

I'd like the banks to use keyfob technology where as well as your pin you have to key in a randomly generated 8 digit number that changes every 30secs

bookduck

superscaper wrote: »

...any keylogger won't have recorded your password completely in sequence.

I agree threat the keyloger will get it wrong, but could log backspaces, deletions and enter keys etc. too. Some even log mouse movements and left/right mouse button presses. Normally the average P/W is quite easy to work out Pet/Family name/place name/dob/hobby item when you have the basic characters.

Sad to hear about the banks dodging responsibility though, bet they soon will want proof. If we all had a real time keypad/password authentication then there would be much less fraud.

superscaper

bookduck wrote: »

I agree threat the keyloger will get it wrong, but could log backspaces, deletions and enter keys etc. too. Some even log mouse movements and left/right mouse button presses. Normally the average P/W is quite easy to work out Pet/Family name/place name/dob/hobby item when you have the basic characters.

I know, sometimes some people think that "keylogger" is always literally just keyboard strokes. I'm not endorsing these particular countermeasure methods and personally I think in these particular cases hassle outweighs the risk and "why bother" is my conclusion. I'm pretty certain my PC is clean and I quite simply don't enter sensitive info on anything other than my own PC.

Although in your example if someone is going through the hassle of being that paranoid with their password, more than likely they'll have some random generation alphanumeric from grc.com or something that can't be guessed anyway.

Ms_Chocaholic

superscaper wrote: »

Not sure if we're miscommunicating, you enter the password in a different order to how it's written by placing the cursor at different points. E.g. suppose it's "PASSWORD". I type "WORD" then click at the beginning of that and type "PASS" so you have "PASSWORD" in the box but any keylogger would record that as "WORDPASS". Another method I've seen is to simply have a notepad open and keep typing gibberish into it and return to the password field. So keylogger would actually return "PANONSENSESSWOMORENONSENSERD". But you've ultimately got the right password entered, it's just that any keylogger won't have recorded your password completely in sequence.

Obviously a keylogger would know what letters have been missed if it was a word that was used as a password, say for example I typed COMPUER, and then clicked and entered a T, clearly it's obvious where that would go. My passwords are not words however, they are jumbled up letters and numbers, lower and uppercase so there's no way of guessing where the additional characters go.

From reading posts further down the thread, I've come to the conclusion that I am paranoid :eek: