Do you know if a keylogger can read a password that Roboform2go fills in
that is displayed only as dots on a site’s web page?
In this excerpt from
Answercast #56, I take another look at keylogging software and what it may
be capturing from an infected machine.
Become a Patron of Ask Leo! and go ad-free!
What keyloggers can see
Do I know for certain? No. The fact is that keyloggers should more correctly
be considered to be “activity” loggers.
A couple of things are going on here. One is: just because something is
displayed as dots doesn’t mean that the keystrokes weren’t given to the system
as keystrokes.
Dots are common; that’s typically how Password fields (the fields into which
you type your password) will display the characters that you’ve typed in. They
do that so that somebody walking by can’t see your password on the screen:
they’re replaced by asterisks or dots.
How is the activity entered?
Now, is Roboform2go entering keystrokes? I don’t know. Are they bypassing
keystrokes and doing something else fancy?
But you know what? It doesn’t matter.
If you’ve got keylogging software on there, it could be logging
anything! It could be logging all of the techniques that RoboForm or
any other password software could be using. It could log any of that. And it
could capture any of that.
A keylogger is malware
The bottom line is…if you’ve got a keylogger on your machine, you’ve got
malware on your machine and malware can do anything:
-
They can log your activity.
-
They can know what keystrokes were hit.
-
They can know what was on the screen.
-
They can know what was pasted in through the Clipboard.
-
They can know what was passed in under the table using backhanded Windows
APIs that maybe some of these password utilities try to use to avoid common
keystroke loggers.
You just don’t know. It is very possible that regardless of what techniques
this password utility uses it could still be logged regardless of how it
bypasses the keyboard and what’s displayed on the screen.
Internet safety
If you can’t trust the machine you’re about to enter a password on (and it
doesn’t matter how you enter it), then you probably shouldn’t enter your
password! There are too many ways that it can still be recorded.
Next from Answercast 56 – Is it OK to install this software that an online streaming service says I need?
Another way to explain it (overly simplified), is when you hit a key, it is put in a buffer in memory – that is why you can type ahead. Think of it as a tube. you are throwing characters in one end – by keyboard, or copy/pasting or through some other 3rd party software like Roboform2go. Programs (like email, word, games …) know where the buffer is, and are waiting at the other end of the tube, and grabbing the characters as they come out. Keyloggers know where that buffer is also, and all they are doing is recording what is entering into the tube. If Roboform2go is entering passwords, it is most likely sending them into the tube just as if you were typing it on a keyboard.