Email Best Practice #5

Using public computers, or even your friend’s laptop, to check your emails can be lethal. Can you really trust them? Your friends might be more interested in knowing your secrets than someone else’s. Are you really sure that they don’t have ‘key logging’ software installed on their computers so they can replicate everything that you typed? Don’t trust them! And don’t rely on antivirus solutions to detect the presence of malicious scripts that store keystrokes while running in the background, either. It takes no time at all to add an exception to the list of processes scanned by any particular antivirus solution, and thereafter the script can run safely without the antivirus software touching it – and it’s netted all of your passwords!

Best Practice: Avoid checking emails or using other password-protected internet applications like Facebook or Orkut when using someone else’s computer. But what if you end up in a situation where you have no choice other than to use such a machine to locate an important piece of information in your mailbox? Here’s a tip. Make sure that you do not type in your password directly from first character to last; instead, enter its characters out of order, using the mouse pointer to reposition the cursor.

For example, type the last few characters first and then change the location of the cursor using the mouse, or use the pointer to select previously typed characters and overwrite them, eventually leaving the characters of your password in their correct places – any key-logging software will pick up the wrong and much longer password. Be Prepared! Practice this technique using your own keyboard! Most key-logging scripts do not have the intelligence to track the position of your mouse pointer, and hence your password might just remain safe.

Finally, make sure that you change your password as soon as you have access to your own personal computer.
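
The effect of the technique above, as an added example that is not part of the original post: a small Python model of a text field that replays typing and mouse events and returns both the final field contents and the stream a keystroke-only recorder would hold. The event names and the sample password are constructed for illustration.

```python
def replay(events):
    """Apply events to a simulated password field.

    Event kinds (names are this example's own, not any real API):
      ("type", text)          keys pressed; inserted at the cursor,
                              replacing the current selection if any
      ("click", pos)          mouse click that moves the cursor to index pos
      ("select", start, end)  mouse drag that selects field[start:end]
    Returns (field_contents, keystroke_stream).
    """
    field, cursor, selection, keys = [], 0, None, []
    for ev in events:
        kind = ev[0]
        if kind == "type":
            if selection is not None:
                start, end = selection
                del field[start:end]          # typing overwrites the selection
                cursor, selection = start, None
            for ch in ev[1]:
                field.insert(cursor, ch)
                cursor += 1
            keys.append(ev[1])                # only key presses reach the stream
        elif kind == "click":
            cursor, selection = max(0, min(ev[1], len(field))), None
        elif kind == "select":
            start, end = sorted((ev[1], ev[2]))
            selection = (max(0, start), min(end, len(field)))
        else:
            raise ValueError(f"unknown event: {kind}")
    return "".join(field), "".join(keys)


# Constructed sample: entering the made-up password "Tr4in-Blue7" out of order.
SAMPLE_EVENTS = [
    ("type", "Blue7"),    # last few characters first
    ("click", 0),         # mouse: move the cursor to the start
    ("type", "Tr4xx-"),   # front part, with two filler characters
    ("select", 3, 5),     # mouse: select the filler "xx"
    ("type", "in"),       # overwrite the filler with the real characters
]

if __name__ == "__main__":
    in_field, key_stream = replay(SAMPLE_EVENTS)
    print("field contents  :", in_field)
    print("keystroke stream:", key_stream)
```

The two strings differ only because the mouse events never appear in the keystroke stream; anything that also sees those events, or the field itself, sees the first string.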


4 Comments

  1. keyur says:

    You can also do this:
    - type your password in another file like .txt or .doc, etc…
    - then copy that password and paste it into the password field…

    I think there is no problem with this method…

  2. H says:

    I think that’s also an option, but given the fact that the keylogger would ideally also capture applications that you open and the keys you press – like ctrl-c and ctrl-v – it would be easy for someone to make out that you typed your password and pasted it. However, if you type a lot of garbled text along with the password, and then select the password within lines of text, and paste it, it would be much safer.

  3. Nirav Ajmeri says:

    The reason for doing some twists is that certain keyloggers also store the handles of the window where the password was typed. So it’s always safe to key in certain characters via the keyboard and then use the mouse to change the cursor location and key in the other characters.

  4. G.Chomic says:

    @keyur

    There is actually a bit of danger to that method, especially with doc files but also with txt files. Typing a password in a non-secure storage space – be it a txt file, or a doc file, or anywhere but an input box – leads to the storage of that file in various areas in the memory. Nominally, that’s “fine” – it potentially puts passwords in non-privileged non-permanent storage. However, two caveats:

    a) Many applications make temp files in case you perform an ‘oops’. Word does, if you’ve saved it at one point. One of my two preferred text editors, gVim, does even if you haven’t, IIRC. You close it ungracefully, and *poof* your password is on your hard drive forever.

    b) User patterns. You use the method just described, and invariably you will open that txt file and leave it there for a while. If you’re like most users, you will then do this often. You might even make it permanent – a big security no-no. Let’s say you’re more intelligent than that – but you do hibernate your laptop from time to time. Now the entire contents of your memory are on your hard drive, including your password. For quite some time.

    Generally, though, I feel the big risk is anything that leads users to storing passwords in a desktop client or file. Users will take that practice too far.

    Instead, use a program like KeePass or KeePassX (Linux version.) Stores encrypted, doubleclick the password to copy to your clipboard, paste it and your clipboard clears in 10 seconds automagically.
