
Can keyloggers get my login information when I use drag and drop from Keypass?

Question:

I use Keypass to store my passwords to various sites. Will keyloggers be
able to get the login information when we use the drag and drop procedure? How
about the password when we type to open the Keypass utility?

In this excerpt from Answercast #13, I look at what keyloggers might be doing on your computer, how to protect your valuable information, and how to stay safe on the internet.


Keyloggers can do anything

If you have malware on your machine (and make no mistake about it,
keyloggers are malware), then the malware can do anything. I want to emphasize
the anything.

We often talk about keyloggers and the answer is, “Absolutely!” If a
keylogger is only logging keystrokes, great… don’t use a keystroke and
chances are what you’re doing won’t be logged.

The problem is that this oversimplifies a much larger problem.

People think they are safe because they’ve avoided this keystroke issue,
when in fact, they’re just as vulnerable as before because malware is more than
keyloggers. Malware can monitor whatever you do.

Malware can track you

So, for example, if you use drag and drop, what you’re really doing is using
a form of copy/paste. The important thing here is that if it’s written
properly, malware can insert itself into the drag and drop process and see what you’re
doing. Malware can certainly hook itself into whatever Keypass uses when it’s
accepting the password from you.

So, absolutely, malware can certainly record the password that you type
into Keypass or any other password vault.

What is being recorded?

People have talked about using onscreen keyboards. They’ve used scrambling
software. They’ve used all sorts of things.

  • And absolutely, if the malware is only recording keystrokes, and you don’t
    use keystrokes, it’s not going to be recorded.

But how do you know? The malware could easily be taking a screenshot; it
could be monitoring other things in addition to keystrokes. You simply don’t
know that you’re safe.

Protect yourself from all malware

Do not assume that if you’ve protected yourself from keyloggers, you’ve
actually protected yourself.

You must make sure that you’re protecting yourself from all forms of
malware before you can start to consider yourself even close to safe when it
comes to this kind of hacking or malware intrusion.


1 thought on “Can keyloggers get my login information when I use drag and drop from Keypass?”

  1. “You must make sure that you’re protecting yourself from all forms of malware before you can start to consider yourself even close to safe when it comes to this kind of hacking or malware intrusion.”

    By “protecting yourself,” are you advising people to:

    1. Learn how to flatten and rebuild their own computers and reinstall programs (including anti-virus software) and install software updates from their original source(s); and

    2. Automatically delete emails from people whom and sources that they do not know; and not to visit disreputable web sites?

    Last year, I took my infected computer to several technicians, who took my money yet left some (if not all) of the malware on my hard drive.

    I found circumstantial evidence that an out-of-state psychopath finally stopped spying on me once I’d flattened and rebuilt my computer and stopped opening his emails.

    Don’t trust anyone who claims they can or will remove malware from your computer. Instead, consider flattening and rebuilding your computer yourself. You might find the process to be time-consuming (~ 24 hours for a PC; ~ 2 to 8 hours for a Mac with encryption) but easy.

    Is this what you mean, Leo?

    P.S. Any chance the FBI will ever take spying via keylogger spyware seriously and/or the source of such spyware will become easier to trace for the purpose of a criminal investigation?
