Jump to content
Login with your Gmail HERE and start posting in seconds! ×
Don't just read! Be part of the Community! Join the conversation ×

How Can I Protect My Password When Using Public Access?

Robski

By Robski
in IT and Computers

 Share

Recommended Posts

Robski Platinum Member

Robski

Posted
Posted

Basically I want to use internet banking and paypal whilst abroad, which will mean using public access PC's or a third party internet connection.

How can I protect my password against getting hijacked and my bank account cleared out?

Ok I have a basic idea, but it is just that, basic.

If I have a document on my computer or on a portable drive that contains my password, it could be any word in any innocuous article, and I copy & paste that into the password window, will that stop my password being detected by whatever spyware that may be lurking?

I have an Advent/MSI wind that I will be using, great machine and hopefully not too conspicuous when I'm out in the boonies,

however if that should get 'lost' I wouldn't want any traces of my password or key pattern left on it.

As I say that's pretty basic, there must be a more sophisticated way of doing things, perhaps a programme held on a portable flash drive that can help conceal my password and erase any trace of it after.

Any advice greatfully appreciated.

Jingthing Legendary Member

Jingthing

Posted
Posted (edited)

Picking up pasted in data is a common feature of many keyloggers. So, pasting in previously keyed items is not secure.

Edited by Jingthing
DaveBKK Advanced Member

DaveBKK

Posted
Posted

Copying and pasting alone will not work. Also using the onscreen built-in windows keyboard will not work, as that routes through the keyboard driver (which the keylogger monitors)

But a basic trick you can use is to embed your password within a group of characters:

abfiahriaPASSanbbWORDbfainbfia

Paste that into the password box, and then highlight and cut the beginning, middle and end portions.

Note, your password must be random, else a snooper might figure out logically what your password is.

kalaminsa Senior Member

kalaminsa

Posted
Posted
Copying and pasting alone will not work. Also using the onscreen built-in windows keyboard will not work, as that routes through the keyboard driver (which the keylogger monitors)

But a basic trick you can use is to embed your password within a group of characters:

abfiahriaPASSanbbWORDbfainbfia

Paste that into the password box, and then highlight and cut the beginning, middle and end portions.

Note, your password must be random, else a snooper might figure out logically what your password is.

Anything that you send from the PC can easily be snooped ...

sjaak327 Gold Member

sjaak327

Posted
Posted

Google vista PE or Bart PE (for XP), basically Vista on a USB stick, providing that the internet shop has fairly recent computers, you could boot from that USB stick, this way you can be sure that there's no keylogger running in the operating system.

Vista PE, can be loaded with both IE7 and Opera fairly easy.

Regarding snooped data, surely your bank is using ssl, which encrypts the data you send over the wire. For added security, you could setup a vpn connection.

torrenova Ruby Member

torrenova

Posted
Posted

If you copy and paste a string which has your password in it but delete by placing your cursor in the right place and not using the back or delete buttons it should not know which bit you deleted I presume ?

To be honest, I'd worry more about the people who have your money and inform them you will be away and using public computers. They should have more than enough security at their end.

Jingthing Legendary Member

Jingthing

Posted
Posted
If you copy and paste a string which has your password in it but delete by placing your cursor in the right place and not using the back or delete buttons it should not know which bit you deleted I presume ?

To be honest, I'd worry more about the people who have your money and inform them you will be away and using public computers. They should have more than enough security at their end.

I think most keyloggers would pick that up as well, the ones that record copy/paste data anyway, and that is not a hard thing to keylog.

cobra Gold Member

cobra

Posted
Posted (edited)
To be honest, I'd worry more about the people who have your money and inform them you will be away and using public computers. They should have more than enough security at their end.
Agree,

As the complications of password masking schemes increase, the likelihood of failed log-ins will increase.

Usually more than two or three failed attempts per session will lock you out, necessitating re-verification, password reset, and /or interfacing in some manner with the institution, all adding delay and frustration.

The threat of key logging and other data harvesting is over blown, if your really worried about it after using a public pc (windows machine) clear the browser temp cache then power it down, normal shutdown will flush the paging file, etc. :o

How to Clear the Windows Paging File at Shutdown

View products that this article applies to.

Article ID : 182086

Last Review : February 27, 2007

Revision : 3.3

This article was previously published under Q182086

For a Microsoft Windows XP version of this article, see 314834 (http://support.microsoft.com/kb/314834/EN-US/).

SUMMARY

This article documents the method for clearing the Windows paging file (Pagefile.sys) during the shutdown process, so that no unsecured data is contained in the paging file when the shutdown process is complete.

Some third-party programs may temporarily store unencrypted (plain-text) passwords or other sensitive information in memory. Because of Windows virtual memory architecture, this information may be present in the paging file.

Although clearing the paging file is not a suitable substitute for physical security of a computer, you may want to increase the security of data on a computer while Windows is not running.

Edited by cobra
tutone Senior Member

tutone

Posted
Posted

I've never had a problem. Make sure your log-in page is secure (https or ssl encryption). Make sure you log out when finished and you can also clear the history when you are finished.

Crushdepth Ruby Member

Crushdepth

Posted
Posted

Download Password safe. Generates long random passwords for your and stores them in encrypted form. You just have to remember the password to the 'safe'. You can install it on a USB stick. It will also clear the clipboard automatically.

Best not to use internet cafes for anything important though.

bartender100 Platinum Member

bartender100

Posted
Posted

My bank ask's 3 different random questions, with only certain letters from each answer, nobody could work that out, i thought that most use a similar format, change your bank. Paypal is not so secure.

sjaak327 Gold Member

sjaak327

Posted
Posted (edited)

My bank has a very simple system, you login using a 8 digit code, which is generated by a device resembling a calculator, the calculator needs your ATM card with pincode.

the calculated code is good for one time and is useless for login the second time. So unless you loose both the calculator and your ATM card (+pin), there is no security issue. (and of course make sure you have a pishing filter running into your browser :o )

Edited by sjaak327

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.






ASEANNOW

ASEANNOW (formerly Thai Visa) Thailand's oldest and most popular forum for expats and foreigners.

Sign up today and have your say

MORE INFO

POPULAR AREAS

CONTACT US

219/59 Asoke Towers, 15th Floor, Soi Sukhumvit 21, Watthana, Bangkok 10110
(+66) 99 196 1100
[email protected]

×
×
  • Create New...