Will Using an On-Screen Keyboard Stop Keyloggers?

Don’t bother.

I'll explain how keyloggers work, why a virtual keyboard doesn't help, and how to keep your typing safe.
Question: Will using the on-screen keyboard in Windows stop keyloggers?

No, it will not.

I get a surprising amount of pushback on this, but the truth remains: while virtual keyboards might stop some keylogging, they’re nothing you can count on to be 100% effective. They don’t stop most keyloggers these days.

Keyloggers are malware that record your keystrokes. The goal is to capture login usernames and passwords so hackers can get into your accounts. Let’s look at the various ways your keystrokes can be intercepted and logged.

TL;DR:

Screen Keyboards Don't Help

Using the keyboard on your screen does not stop keyloggers. It can block some, but not the smart ones. A keylogger can snap pictures of where you click and grab your passwords anyway. Keyloggers are just malware, and thus the real fix is to keep all malware off your machine.

The keyboard connection

When you type a key, a microprocessor within the keyboard sends signals via a cable or wireless connection to your computer.

Here we encounter the first point of vulnerability. No, not the microprocessor in the keyboard (technically possible, but exceptionally unlikely), but the cable — or rather, what the cable plugs into.

Public computers are particularly lucrative targets. Someone comes along and installs a physical device between the computer and keyboard that records every keystroke entered. Sometime later, they come back, remove the device, and take all the information that users entered.

Wireless keyboards can be worse, because they broadcast the keystrokes you’re typing. Any receiver within range can listen in. Wireless keyboards encrypt their data, so in theory the information should be safe, but the quality of the encryption varies based on the age and make of the keyboard. In addition, “in range” turns out to be further than most people think, particularly for a thief with equipment dedicated to this purpose. They don’t need malware on your machine; they just need to be “close enough”. Unfortunately, whether that means they need to be in the same room or maybe just outside isn’t clear, since it varies from keyboard to keyboard.

On-screen keyboards protect you against those two specific keyboard-related threats because they bypass the components of the keyboard hardware that could be compromised.

The bad news is that hardware-based keyloggers are rare. Software-based threats are more common.


The keyboard software

While hardware-based threats operate outside your computer, software-based threats are malware running on your computer.

Once your keystrokes arrive at the computer from the keyboard, they are processed by a keyboard device driver, which (to oversimplify) translates the keyboard scan codes to the letters, numbers, and symbols Windows applications expect.

Keyloggers typically insert themselves into the receiving end of this process: they get the keystrokes from the keyboard as they are passed on to Windows.

This is where the on-screen keyboard scenario gets interesting. The on-screen keyboard application is a virtual keyboard. It has its own device driver that makes it look like a real keyboard to Windows.

As a result, the keystrokes it sends to Windows can easily be captured by the same keylogging software that captures keystrokes from the real keyboard, if that keylogger has been installed in the proper place.

A keylogger is just malware

The two most important concepts to remember are these:

  • Keyloggers are just malware.
  • Malware can do anything.

What you might call a keylogger can capture more than keystrokes. Let’s say you use the on-screen keyboard by using your mouse to point and click at the image of a key on the keyboard. A keylogger could, then, for every mouse click:

  • Capture the location of the mouse on the screen.
  • Capture a screenshot image of the screen, or just the area “around” the mouse pointer.

The keylogger, then, has captured a series of images showing exactly where you clicked and in what order. In other words, it’s captured your virtual keystrokes: your mouse clicks and what you clicked on.

Note that this approach to keylogging bypasses one of the more common so-called security techniques of randomizing the keyboard layout on the screen. You still have to see where to click, and the logger simply logs what you see and where you click, regardless of how the keyboard is laid out.

And that’s just one technique any malware could use to capture what you’re entering.
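The input paths described above can be written down as a small model. This is an added illustration, not code from the original article: the stage names, the `observe` and `taps_avoided` functions and the sample secret are assumptions, and the radio stage is treated as readable (the worst case for a weakly encrypted wireless keyboard). It simulates where typed characters are visible; it does not touch any real keyboard, mouse or screen.

```python
import random

KEYS = "abcdefghijklmnopqrstuvwxyz0123456789"
# Stages each input method passes through before the application sees the key.
PATHS = {
    "wired":     ["cable", "os_input"],
    "wireless":  ["radio", "os_input"],
    "on_screen": ["screen_click", "os_input"],
}
TAPS = ["cable", "radio", "screen_click", "os_input"]

def clicks(secret, randomize, rng):
    """User side: yield (clicked position, layout shown on screen) per character."""
    for ch in secret:
        layout = list(KEYS)
        if randomize:
            rng.shuffle(layout)          # the "randomized keyboard" countermeasure
        yield layout.index(ch), "".join(layout)

def observe(secret, method, randomize=False, seed=1):
    """Return what an observer at each tap point recovers (constructed model)."""
    seen = {tap: "" for tap in TAPS}
    rng = random.Random(seed)
    for stage in PATHS[method]:
        if stage == "screen_click":
            # Observer holds only click position + screen image, never `secret`.
            seen[stage] = "".join(img[pos] for pos, img in clicks(secret, randomize, rng))
        else:
            seen[stage] = secret         # the keystroke passes through this stage as-is
    return seen

def taps_avoided(method, secret="hunter2"):
    """Tap points that see nothing when `secret` is entered with `method`."""
    return sorted(t for t, got in observe(secret, method, True).items() if not got)

if __name__ == "__main__":
    for m in PATHS:
        print(m, observe("hunter2", m, randomize=True), taps_avoided(m))
```

In this model the on-screen keyboard removes only the two hardware tap points; the software stage and the click-plus-screen observer still recover the whole secret, with or without a randomized layout.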

Keyloggers as threats

How big a threat is all this?

In my opinion, “normal” keyloggers — those that record only keystrokes — are a fairly common threat, and are one reason why security software, general internet safety, and the use of common sense are so important. So yes, they’re out there, in the same way that any malware is “out there” trying to get you to install it on your device.

The real question is, how pervasive are the more sophisticated keyloggers, which capture more than keyboard keystrokes using other techniques to effectively achieve the same result?

It’s hard to say. But again, keyloggers are “just” malware. If they’re on your machine at all, you have a problem, and that problem may not be limited to logging what you type. As with any malware, you might not even realize it’s there until it’s too late. As a result, focusing on solutions targeted only at thwarting keyloggers is not only misguided but also diverts your attention from a much bigger problem.

If you have a keylogger, you have malware.

Do this

Focus on preventing or removing malware of all sorts, and you’ll be avoiding or removing keyloggers as a side effect.

Do not rely on a virtual keyboard of any sort as a security measure.


2 comments on “Will Using an On-Screen Keyboard Stop Keyloggers?”

  1. I had never heard of a keyboard or keystroke encryption until two days ago. Today, I found a report that AI had now been successful at logging keystrokes. I have found nothing yet that will remove a rootkit or keylogger. Is there any hope? What about the handheld devices (OCR?) that can scan written or typed (not from keyboard!) images and transfer the copied text into a password manager or login form?

    • As mentioned in the article above, keyloggers are just malware. Treat them as such by having good security software and practicing safe computing. I don’t see how AI has anything to do with it, other than a scare tactic.
