Sometimes. But you’re asking the wrong question.
The answer is both yes and no.
Using a password vault to fill in your password can, indeed, bypass certain types of keyloggers: no keystrokes typed, no keystrokes to log.
However, and this is important: not all keystroke loggers work that way. You may still be at risk.
Password Vaults vs Keyloggers
Keyloggers are just a form of malware, and can log much more than just physical keystrokes, including all the different ways credentials might be entered by a password vault. The intent of a password vault is not to bypass malware, but to make it easier to have strong password security across all your accounts. Avoiding all malware, including keyloggers, is the most important way to stay safe.
The simple answer: you can’t assume
The only safe answer is to assume that the keystroke logger can indeed log your password entries, regardless of how they’re entered.
The problem is in the name: “keystroke” logger. Monitoring physical keystrokes is only one way a keystroke logger can compromise your security. There are many others.
To understand this, we need to address a much larger issue: if you have a keystroke logger on your machine, you have malware on your machine.
And once it’s in place, malware can do anything.
“Keylogger” is an unfortunate term. I say that because we think of keyloggers as logging only keystrokes. That’s why I said if a keylogger logs only keystrokes, then by not making any keystrokes, there’s nothing to log.
Again, keyloggers are malware, and malware can do anything. Keylogging may be only one of your worries.
Logging more than keystrokes
Hackers are aware of all of the techniques people use to try to bypass keyloggers, so the form of malware we incorrectly call keyloggers has become more sophisticated. Here are just a few ways that malware can log beyond keystrokes:
- Intercept the path a physical keystroke takes, as I mentioned above, logging the actual keystrokes.
- Intercept the path clipboard entries take (some password-entry techniques involve the clipboard).
- Intercept your browser’s data entry code and monitor anything you enter into the browser.
- Take and save screenshots with every mouse click when an on-screen keyboard is used.
Using a password vault is likely only to thwart the first keylogging technique. You may still be vulnerable to the rest.
Intercepting what’s going on between your password vault and the places those passwords get entered is not that difficult for a powerful keylogger.
Let’s stop thinking about them as keyloggers and start thinking about them as malware. Malware can do anything, and, yes, absolutely: malware can capture what’s happening between your password vault and your browser.
That’s not an argument against using password vaults. I’ll talk about that in a second. What it’s a very strong argument for is: don’t get malware in the first place!
Don’t worry so much about keyloggers (or any other specific type of malware), and worry more about malware in general. Don’t let your machine get infected, because whatever you get infected with, like I keep saying, can do just about anything it wants to.
So focus your energies more on doing what it takes to stay malware-free, and less on trying to avoid specific types of malware (like keyloggers that happen to log only keystrokes).
Password tools for security
Password vaults have a very, very important role. The reason I so strongly recommend them is so you can more easily use multiple different, hard-to-remember, secure passwords on multiple sites.
People who don’t use a tool like this tend to do a number of things that compromise the security of passwords:
- They use short passwords.
- They use passwords they can remember.
- They write them on sticky notes.
- They use the same password everywhere.
All of these techniques and more reduce their overall security.
Increase your overall security
By using a password vault, you allow yourself to:
- Use long, complex passwords.
- Use a different password for every site.
- Use passwords you will never remember (but you don’t have to, because the vault remembers them for you).
That’s the value they add.
Hiding from malware, including keyloggers, is not the point of these tools.
Allowing you to use and choose more secure passwords and use them more securely across all of your different logins — that’s why you want to use a password vault.