Jump to content
Login with your Gmail HERE and start posting in seconds! ×
Don't just read! Be part of the Community! Join the conversation ×

Pasting password instead of using keyboard - safer?

jko

By jko
in IT and Computers

 Share

Recommended Posts

jko Silver Member

jko

Posted
Posted

To avoid possible keyloggers, does any Geek know if copying your password (e.g. from a Word document) and pasting to log in to e.g. a bank account site, is any safer than using the keyboard?

I sometimes copy half a password then type in the rest - is this futile, dangerous, or recommended?

IMHO Platinum Member

IMHO

Posted
Posted (edited)

If your keystrokes are being logged, chances are they also have access to the clipboard......

If you're a true tin-foil-hat-wearer, your best option would be to enter additional characters when entering your password, then use your mouse to manipulate the cursor to delete the incorrect ones and/or insert the correct ones, etc.

For extra security, change the system font size and/or browser zoom and location each time, so they can't reference by pixels.

All that said, if you're truly this paranoid, you'll probably think they have been doing a tempest attack on you and/or controlling your webcam for years anyway, so it's all moot tongue.png

LOL!

Edited by IMHO
AyG Platinum Member

AyG

Posted
Posted

Pasting will defeat simple key loggers, so yes, it's securer.

However, keeping your credentials in a Word document is fundamentally insecure; by doing so you're creating a security risk. Better to keep them in a password manager - KeePass for example.

However, to be significantly securer don't use Microsoft Windows. The range of malware for Linux (and for that matter, MacOS, which is currently based upon Linux) is negligible compared with that for Windows.

KhunHeineken Platinum Member

KhunHeineken

Posted
Posted (edited)

Looks like this thread is going in the direction of discussing password manager websites.

I just started a new thread about them, before reading this thread. Apologies to the moderators.

It doesn't matter which thread members post on. I would be happy to hear about their experience using these password manager websites.

Edited by KhunHeineken
astral Star Member

astral

Posted
Posted

IME some sites do not allow passwords to be pasted :bah:

My bank site only asks for selected characters of the password

much safer. :D

AyG Platinum Member

AyG

Posted
Posted

My bank site only asks for selected characters of the password

much safer. biggrin.png

Not necessarily much safer. Over time you'll enter all the password characters, so spyware could pick up your full password for future nefarious use.

WhizBang Platinum Member

WhizBang

Posted
Posted

Yup, Bangkok Bank will not accept a pasted entry in their login data fields. You MUST type the ID and password.

Pain in the ass actually. They used to accept pasted data, but not now. Oh well, progress, I guess. Now I have the information memorized.

cooked Platinum Member

cooked

Posted
Posted

I use Lastpass password manager. I started using it 4 years ago, no problems. I was really happy with this as when I moved to Thailand I was able to use it in combination with XMarks to get all my old bookmarks onto my new computer.

  • Like 1
LookChang Explorer Member

LookChang

Posted
Posted

Yup, Bangkok Bank will not accept a pasted entry in their login data fields. You MUST type the ID and password.

Pain in the ass actually. They used to accept pasted data, but not now. Oh well, progress, I guess. Now I have the information memorized.

Steganos Password Manager can login into my Bangkok Bank Bualang iBanking without typing anything. In fact I never had any problem with this application that I use for over three years. It's working with any site.

You can even save the cripted keychain contening all your PWs in a USB key that you can use on any computer without having to type the User/Pass to access your sites so these data cannot been intercepted by malwares.

lopburi3 Legendary Member

lopburi3

Posted
Posted

Yup, Bangkok Bank will not accept a pasted entry in their login data fields. You MUST type the ID and password.

Pain in the ass actually. They used to accept pasted data, but not now. Oh well, progress, I guess. Now I have the information memorized.

LastPass works fine as of one minute ago. No need to type anything.

wooloomooloo Platinum Member

wooloomooloo

Posted
Posted

Yup, Bangkok Bank will not accept a pasted entry in their login data fields. You MUST type the ID and password.

Pain in the ass actually. They used to accept pasted data, but not now. Oh well, progress, I guess. Now I have the information memorized.

LastPass works fine as of one minute ago. No need to type anything.

I have just tried and WhizBang is quite correct, and never noticed myself, as use LastPass which form fills automatically. Bualuang iBanking doesn't allow pasting.

wooloomooloo Platinum Member

wooloomooloo

Posted
Posted

Anyway, I'm also happy with LastPass since I subscribed. It's free for basic features and subscription based for smartphone and tablets.

Prior to purchasing LastPass I was, like most I presume, using two or three passwords for all my online activities. Now I use very strong unique passwords and amazed how many I have stored.

I'd highly recommend downloading a password manager and giving it a try for a week or two and see how you go. I can only talk for LastPass but can confirm that it's very user friendly, autofills most online sites and you only require one master password. I wouldn't go back to my previous online incarnation for all the tea in china.

sumrit Gold Member

sumrit

Posted
Posted

My bank site only asks for selected characters of the password

much safer. biggrin.png

Not necessarily much safer. Over time you'll enter all the password characters, so spyware could pick up your full password for future nefarious use.

You don't actually type in the characters, you click on them from drop down boxes using your mouse.

If you have to type in the password why not use the virtual keyboard built into windows? It brings up an on screen keyboard and you click on each character using your mouse.

attrayant Gold Member

attrayant

Posted
Posted

The answer to questions like these is always "it depends". Hardware key loggers are easily defeated with the onscreen keyboard, but there are also software loggers, web form loggers, kernel based key loggers (which are near impossible to defeat because all keystrokes, whether physical or virtual, go through the kernel), clip board loggers (that capture anything you copy) and probably more that I'm not thinking of at the moment. It's getting to the point where you can trust an unfamiliar PC with your sensitive data about as much as you can trust a random stranger on the street.

DaveBKK Advanced Member

DaveBKK

Posted
Posted

It's very easy to get logging programs that keylog, capture the clipboard and screen. Example: http://activity-keylogger.en.softonic.com/

Simply put, don't *ever* trust any public computer to go to any important or password protected site. None of the little tricks listed previously will defeat the linked program.

Sent from my iPad using ThaiVisa app

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.






ASEANNOW

ASEANNOW (formerly Thai Visa) Thailand's oldest and most popular forum for expats and foreigners.

Sign up today and have your say

MORE INFO

POPULAR AREAS

CONTACT US

219/59 Asoke Towers, 15th Floor, Soi Sukhumvit 21, Watthana, Bangkok 10110
(+66) 99 196 1100
[email protected]

×
×
  • Create New...