Comments on: Safely Using Untrusted Computers

By: What is a Keylogger?

What is a Keylogger? — Wed, 23 May 2007 19:12:34 +0000

Yes, you are paranoid. Good. If half the Internet’s idiots were half as paranoid as you, there wouldn’t be the need for such extreme measures.

By: JB

JB — Sat, 25 Nov 2006 06:22:05 +0000

Yeah, I like that one too, but even that could be analyzed to find the password, knowing the full set of characters, number of deletions, and the fact that most passwords are not completely random strings of characters.

All that extra typing (or copy/pasting) and deleting would just take a lot longer than my method too. As I described it, you just sit down, type in one password and you’re up and running, with the added benefit of all your traffic being encrypted.

By: nstryker

nstryker — Sat, 25 Nov 2006 04:28:42 +0000

another method is to type text which contains your password mixed with extraneous characters, then use the mouse to click and backspace out the bad characters. this could be used in combo with the copy/paste from websites. of course, that requires you to be able to memorize your the long version of your password so you can locate bad characters in all the *********s.

By: JB

JB — Fri, 24 Nov 2006 23:10:11 +0000

But if you’re going to do that, why not just type it in, if you’re assuming that you will always change your password before they could use it?

I guess that would certainly be a simpler process, but it would require you to get to a trusted computer and change your password as soon as possible, and hope that someone else didn’t get it first.

There are definitely loggers that transfer the captured information as they go (via e-mail, IRC, or whatever), so if you want to be really safe/paranoid, you have to assume that as soon as you enter your password it is available to whoever would want to make use of it, wherever they might be, or even an automated system that will exploit it without manual intervention.

By: nstryker

nstryker — Fri, 24 Nov 2006 21:01:25 +0000

i’ve never seen an intelligent key logger (just ones that dumbly grab a stream of characters), but i think it’s an easier best practice to just copy-paste your password, then change it as soon as possible. that way your only compromise relies on the assumption that the contents of the key logger aren’t being harvested with any rapid frequency.

By: mama jacquie

mama jacquie — Fri, 24 Nov 2006 19:47:25 +0000

You better hurry up with this technology. I already stole Martha’s secret santa password after she used my computer. Nyahahaha!

By: JB

JB — Fri, 24 Nov 2006 19:29:54 +0000

PS - Dan, I would have tracked back to you, if your site wasn’t down again right now.