Please note, new blog at http://www.acheron.org/darryl/

Friday, May 06, 2005Phishers using keystroke loggers

Just saw this article on Slashdot about the growing trend in phishers using keystroke loggers to more easily gain access to sensitive information. This blows me away. I've been frustrated about my bank using an image-based keypad for me to "type" my password in with. Sure it's a pain in the ass, but it makes my online transactions a little safer (especially given one person's comments). Every time I click a "key", the keypad moves to a random spot on the screen. It does this by calling a JavaScript method like "pressKey('k')" -- but is that really any more secure??

By Blogger Unknown, at 5/06/2005 11:45:00 pm  

Personally, I prefer the two factor methods for secure applications. That way, even if they do log the keystrokes, they are no good beyond your current session. Etrade is now issuing these for their larger accounts. I think for their smaller accounts they should give the account holder the option to help cover the cost. I think many people would be willing to pay $10 or so to help protect their finances.



» Post a Comment