a dumb question: on-screen keyboard...

would using an onscreen keyboard to type in passwords when on a wifi
hotspot avoid capture by keylogging programs? reason i ask, i was just
reading a Norton email about password security and they mentioned that
one shouldn't log in to a bank site when on those hotspots due to
possible key loggers.

Dave

oh, and my ING account sign in page has an onscreen keypad for entering
log in info, ostensibly to avoid keyloggers, I believe...

Dave

Keyloggers run on individual machines, not on entire hotspots. The session
between a workstation and the bank's web server is protected with SSL. So if
someone were sniffing traffic from the hotspot, your password would be
protected. However, if you were using some kiosk computer (rather than your
own), then it is possible that keylogging software on that machine could
intercept your password before it gets passed to the SSL encryption. I never
worry about hotspots, because I always use only my own laptop. I do, though,
worry a bit about kiosks.

Onscreen keyboards really don't help here. Sure, they can thwart keyloggers,
but what about screen recorders? What about rootkits or trojans (again,
installed on a kiosk) that can hijack a session after login happens? Public
machines simply present too many risks.

--
Steve Riley
steve.riley@xxxxxx
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com


"David" <david@xxxxxx> wrote in message
news:57WdnX9LFOxh3HTbnZ2dnUVZ_hKdnZ2d@xxxxxx

Steve Riley [MSFT] wrote: thanks for the info, Steve! very helpful!

Dave