As the financial officer for my organization in Tanzania, I sometimes travel without my laptop and need to access password-protected Web sites from Internet cafes or hotel business centers. I worry about whether these public computers have keyloggers installed.

By using the Windows On-Screen Keyboard accessibility utility, can I safely prevent keyloggers' recording my passwords?
If the On-Screen Keyboard simply creates keypress events that can still be intercepted by keyloggers, then can Copy/Paste be used to avoid the keylogger threat? Or do keyloggers also record the contents of the Windows clipboard? Do you have another suggestion for safely entering passwords at public computers?

The On-Screen Keyboard utility is designed to let mobility-impaired users enter small amounts of text, typically by using a specialized pointing device. For maximum compatibility, it works by sending simulated keystrokes to the active application. I tried it with a number of the commercial keyloggers that I use in antispyware testing, and it was no help at all: The simulated keystrokes were captured just as actual keystrokes would be.

You could conceivably launch the Character Map utility and build your password by double-clicking characters. Once you had built the whole password, you'd click the Copy button and paste it into the password-entry box. Unfortunately, keyloggers can do a lot more than merely log keystrokes. Most also record everything that gets copied to the clipboard, and many also snap screenshots of program activity. Character Map, then, is not a solution.

One possibility that seems hopeful is this: Type your password with extra characters in it and then use the mouse to highlight and delete the extra characters. For example, you might type passFROGword and then highlight and delete the middle four dots. Or type p1a2s3s4w5o6r7d8 and delete every other dot. A keylogger would still record all of the keystrokes that make up your password, but they'll be mixed with other unrelated keystrokes.

If you need to use a public PC, your best option for entering passwords is to use a mobile password management/form filling application such as Siber Systems' Pass2Go ($39.95, RoboForm). Pass2Go runs off a USB memory key and protects your passwords behind a master password. Even if the master password is compromised, it's useless to the thief unless he has your USB key, too. It's not a foolproof solution, but it will evade hacking tools that rely on capturing keyboard events.

You should do your best to avoid using nonsecure computers. Even if you keep a keylogger from snagging your password, it might still take screenshots of key financial info. Your best bet is to implement a high degree of security on your laptop and resign yourself to lugging the darn thing along.
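
To put a number on how much ambiguity the extra-character trick adds, the following added example (not part of the original column) counts how many distinct strings are consistent with a keystroke-only log. It assumes the logger records no mouse activity or screenshots; the function names and sample strings are constructed for illustration.

```python
# Added illustration: how much ambiguity do decoy characters add to a
# keystroke-only log? All names and sample strings here are constructed.
import math


def field_value(typed, deleted):
    """Text left in the field after mouse-selected ranges are deleted.

    `deleted` is a list of half-open (start, end) index ranges into `typed`.
    """
    drop = set()
    for start, end in deleted:
        drop.update(range(start, end))
    return "".join(ch for i, ch in enumerate(typed) if i not in drop)


def candidates_one_block(logged):
    """Distinct strings left by deleting one contiguous block (or nothing)."""
    out = {logged}
    for start in range(len(logged)):
        for end in range(start + 1, len(logged) + 1):
            out.add(logged[:start] + logged[end:])
    return len(out)


def candidates_any_subset(logged):
    """Distinct subsequences of the log: any characters may have been deleted."""
    total = 1                  # the empty string
    before_prev = {}           # char -> total just before its last occurrence
    for ch in logged:
        prev = total
        total = 2 * total - before_prev.get(ch, 0)
        before_prev[ch] = prev
    return total


def report(logged):
    """Candidate counts and the equivalent bits of uncertainty for one log."""
    block, subset = candidates_one_block(logged), candidates_any_subset(logged)
    return {"one_block": block, "any_subset": subset,
            "bits_one_block": round(math.log2(block), 1),
            "bits_any_subset": round(math.log2(subset), 1)}


if __name__ == "__main__":
    print(field_value("passFROGword", [(4, 8)]))
    print(field_value("p1a2s3s4w5o6r7d8", [(i, i + 1) for i in range(1, 16, 2)]))
    print(report("passFROGword"))
    print(report("p1a2s3s4w5o6r7d8"))
```

If only one contiguous block was deleted, the 12-key log is consistent with just 78 strings, while the 16-key interleaved log is consistent with up to 57,344 when any characters may have been removed. Either way the log still holds every password character in order, which is why the column treats this as a stopgap.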