Keypass password safe Not all software keyloggers can be bypassed with the use of virtual keyboards, as the key loggers log the keypresses from the virtual keyboards as well. Some keyloggers are even configured to log only details from on-screen keyboards, which makes the work for the malicious' person much easier, as the un-sensitive keypresses from the keyboard are not logged at all. The safest way to bypass this, is to use a process called obfuscation. Obfuscation basically allows key loggers to log a certain combination of keys, while keying in a different combination. There are some programs that are targeted at different obfuscation algorithms, and bypass them, but this still remains the most secure approach to keying in sensitive details. The user does not have to enter the keys manually, or use a virtual keyboard in this process. The password, login details, and other sensitive information is stored in a secure computer, then the program is run on a public machine. At this point, the program automatically enters the details, while obfuscating the characters used.
The best software for this is an open source program called KeyPass. Open source software can be trusted in matters of security at least, since a lot of people stand to lose their data, the code is open for everyone to examine. That does not mean that the software is easy to bypass, quite the opposite, the open scrutiny gives more credence to the software.
KeyPass is a password "safe", that stores all your passwords and sensitive information in one encrypted database file. This database file cannot be easily accessed, and can be taken around with you on a USB drive. You need Just one password to access the database. To keep matters simple, people tend to use the same password across all the websites they access. If one account is compromised, all of them are. The best way to keep all your accounts secure is to keep different passwords for them, and change the passwords regularly.
People who do this have a code or a system, where that they use to choose and cycle the passwords for different sites. Despite that, it is a good idea to use a password safe to store all your passwords. This way, you have to remember just one strong password, and you don't have to key in your passwords on any site.
KeyPass works by using a sensitive information database. There are some steps thin KeyPass takes to protect this database from intrusion. When you first run the software, you will be asked to create a master key and a keyfile. The keyfile is a file with random data, that is many times more secure than a password. A password more than 16 characters long for example, becomes very difficult to remember. Therefore, crackers or brute force methods, that exhaust all the possible combinations can get into the information with relative ease. In practice, this takes a long time, but is not impossible. A keyfile makes intrusion much more difficult, and beyond the purview of current brute-force intrusion methods. First you will have to create a master password for the database. The longer the password, the stronger it is. The more numbers and special characters you use, the better the password. KeyPass gives you an indication of how strong your password is. Anything over 50 bits in the "estimated quality" field is good to go.
You can choose to opt out of creating the key file. However, if you are storing a lot of sensitive data in the database, it is a good idea to create a keyfile. Click on Create to make a keyfile. There are two approaches to make a keyfile. Both these approaches ensure that the key file is truly random, and not pseudo-random. On the left is a field of noise, which the user has to run over with a mouse. AJternatively, a user can choose to key in random data from the keyboard. The more secure approach is to run the mouse randomly over the noise field, as even a random set of keys from a human user concentrates on a few keys, and is not that random.
You can stop once 256 characters are reached, which is many times more secure than a 12 character password. Now the database should have a few default fields. Fill this in and add details as necessary. For all the frequently used entries, you need to enable auto-type. Auto-type automatically fills in the user name and passwords in a number of sites. Auto-type works for most kinds of windows, but not all. Any field in a standard web page is accessible, and all the browsers are supported. There are a few places where auto-type does not work, such as a command line interface. Unless you are using a text-based browser, this should not be a problem.
When you edit the preferences for an entry, go to the Auto-type tab, and check Enable auto-type for this entry. Also check two-channel auto-type obfuscation. This is the feature that makes the text invisible to any kind of program that discovers cloaked text, or software keyloggers. You will be warned that auto-type obfuscation will not work everywhere, but ignore this warning as it is applicable to only the command-line type scenarios.
Reply With Quote
Copyright Techfuels
Bookmarks