Regardless of what techniques a password utility might use, it is possible that the password could still be logged, even if the utility bypasses the keyboard.

Do you know if a keylogger can read a password that Roboform2go fills in that is displayed only as dots on a site's web page?

In this excerpt from Answercast #56, I take another look at keylogging software and what it may be capturing from an infected machine.

What keyloggers can see

Do I know for certain? No. The fact is that keyloggers should more correctly be considered to be "activity" loggers.

A couple of things are going on here. One is: just because something is displayed as dots doesn't mean that the keystrokes weren't given to the system as keystrokes.

Dots are common; that's typically how Password fields (the fields into which you type your password) will display the characters that you've typed in. They do that so that somebody walking by can't see your password on the screen: they're replaced by asterisks or dots.

How is the activity entered?

Now, is Roboform2go entering keystrokes? I don't know. Are they bypassing keystrokes and doing something else fancy?

But you know what? It doesn't matter.

If you've got keylogging software on the machine, it could be logging anything! It could be logging all of the techniques that RoboForm or any other password software could be using. It could log any of that. And it could capture any of that.

A keylogger is malware

The bottom line is...if you've got a keylogger on your machine, you've got malware on your machine and malware can do anything:

  • They can log your activity.

  • They can know what keystrokes were hit.

  • They can know what was on the screen.

  • They can know what was pasted in through the Clipboard.

  • They can know what was passed in under the table using backhanded Windows APIs that maybe some of these password utilities try to use to avoid common keystroke loggers.

You just don't know. It is very possible that the password could still be logged, regardless of what techniques this password utility uses, how it bypasses the keyboard, or what's displayed on the screen.

Internet safety

If you can't trust the machine you're about to enter a password on (and it doesn't matter how you enter it), then you probably shouldn't enter your password! There are too many ways that it can still be recorded.

Article C5854 - September 26, 2012
Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18-year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions.

1 Comment
Dan
September 28, 2012 10:07 AM

Another way to explain it (overly simplified) is that when you hit a key, it is put in a buffer in memory - that is why you can type ahead. Think of it as a tube. You are throwing characters in one end - by keyboard, or copy/pasting, or through some other 3rd party software like Roboform2go. Programs (like email, Word, games ...) know where the buffer is, and are waiting at the other end of the tube, grabbing the characters as they come out. Keyloggers know where that buffer is also, and all they are doing is recording what is entering the tube. If Roboform2go is entering passwords, it is most likely sending them into the tube just as if you were typing them on a keyboard.
