Skip to content
View in the app

A better way to browse. Learn more.
Thailand News and Discussion Forum | ASEANNOW

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Pasting password instead of using keyboard - safer?

jko
in IT and Computers

Featured Replies

To avoid possible keyloggers, does any Geek know if copying your password (e.g. from a Word document) and pasting to log in to e.g. a bank account site, is any safer than using the keyboard?

I sometimes copy half a password then type in the rest - is this futile, dangerous, or recommended?

If your keystrokes are being logged, chances are they also have access to the clipboard......

If you're a true tin-foil-hat-wearer, your best option would be to enter additional characters when entering your password, then use your mouse to manipulate the cursor to delete the incorrect ones and/or insert the correct ones, etc.

For extra security, change the system font size and/or browser zoom and location each time, so they can't reference by pixels.

All that said, if you're truly this paranoid, you'll probably think they have been doing a tempest attack on you and/or controlling your webcam for years anyway, so it's all moot tongue.png

LOL!

Pasting will defeat simple key loggers, so yes, it's securer.

However, keeping your credentials in a Word document is fundamentally insecure; by doing so you're creating a security risk. Better to keep them in a password manager - KeePass for example.

However, to be significantly securer don't use Microsoft Windows. The range of malware for Linux (and for that matter, MacOS, which is currently based upon Linux) is negligible compared with that for Windows.

Looks like this thread is going in the direction of discussing password manager websites.

I just started a new thread about them, before reading this thread. Apologies to the moderators.

It doesn't matter which thread members post on. I would be happy to hear about their experience using these password manager websites.

IME some sites do not allow passwords to be pasted :bah:

My bank site only asks for selected characters of the password

much safer. :D

My bank site only asks for selected characters of the password

much safer. biggrin.png

Not necessarily much safer. Over time you'll enter all the password characters, so spyware could pick up your full password for future nefarious use.

Yup, Bangkok Bank will not accept a pasted entry in their login data fields. You MUST type the ID and password.

Pain in the ass actually. They used to accept pasted data, but not now. Oh well, progress, I guess. Now I have the information memorized.

I use Lastpass password manager. I started using it 4 years ago, no problems. I was really happy with this as when I moved to Thailand I was able to use it in combination with XMarks to get all my old bookmarks onto my new computer.

    •
    • Like 1

    Yup, Bangkok Bank will not accept a pasted entry in their login data fields. You MUST type the ID and password.

    Pain in the ass actually. They used to accept pasted data, but not now. Oh well, progress, I guess. Now I have the information memorized.

    Steganos Password Manager can login into my Bangkok Bank Bualang iBanking without typing anything. In fact I never had any problem with this application that I use for over three years. It's working with any site.

    You can even save the cripted keychain contening all your PWs in a USB key that you can use on any computer without having to type the User/Pass to access your sites so these data cannot been intercepted by malwares.

    Yup, Bangkok Bank will not accept a pasted entry in their login data fields. You MUST type the ID and password.

    Pain in the ass actually. They used to accept pasted data, but not now. Oh well, progress, I guess. Now I have the information memorized.

    LastPass works fine as of one minute ago. No need to type anything.

    Yup, Bangkok Bank will not accept a pasted entry in their login data fields. You MUST type the ID and password.

    Pain in the ass actually. They used to accept pasted data, but not now. Oh well, progress, I guess. Now I have the information memorized.

    LastPass works fine as of one minute ago. No need to type anything.

    I have just tried and WhizBang is quite correct, and never noticed myself, as use LastPass which form fills automatically. Bualuang iBanking doesn't allow pasting.

    Anyway, I'm also happy with LastPass since I subscribed. It's free for basic features and subscription based for smartphone and tablets.

    Prior to purchasing LastPass I was, like most I presume, using two or three passwords for all my online activities. Now I use very strong unique passwords and amazed how many I have stored.

    I'd highly recommend downloading a password manager and giving it a try for a week or two and see how you go. I can only talk for LastPass but can confirm that it's very user friendly, autofills most online sites and you only require one master password. I wouldn't go back to my previous online incarnation for all the tea in china.

    My bank site only asks for selected characters of the password

    much safer. biggrin.png

    Not necessarily much safer. Over time you'll enter all the password characters, so spyware could pick up your full password for future nefarious use.

    You don't actually type in the characters, you click on them from drop down boxes using your mouse.

    If you have to type in the password why not use the virtual keyboard built into windows? It brings up an on screen keyboard and you click on each character using your mouse.

    The answer to questions like these is always "it depends". Hardware key loggers are easily defeated with the onscreen keyboard, but there are also software loggers, web form loggers, kernel based key loggers (which are near impossible to defeat because all keystrokes, whether physical or virtual, go through the kernel), clip board loggers (that capture anything you copy) and probably more that I'm not thinking of at the moment. It's getting to the point where you can trust an unfamiliar PC with your sensitive data about as much as you can trust a random stranger on the street.

    It's very easy to get logging programs that keylog, capture the clipboard and screen. Example: http://activity-keylogger.en.softonic.com/

    Simply put, don't *ever* trust any public computer to go to any important or password protected site. None of the little tricks listed previously will defeat the linked program.

    Sent from my iPad using ThaiVisa app

    Create an account or sign in to comment
    Go to topic listing

    Recently Browsing 0

    • No registered users viewing this page.

    Account

    Navigation

    Search

    Search

    Configure browser push notifications
    Chrome (Android)
    1. Tap the lock icon next to the address bar.
    2. Tap Permissions → Notifications.
    3. Adjust your preference.
    Chrome (Desktop)
    1. Click the padlock icon in the address bar.
    2. Select Site settings.
    3. Find Notifications and adjust your preference.