Helping people with computers... one answer at a time.

Using a programmable keyboard to store passwords is a pretty good idea; but there are a few hidden issues to think about.

My friend has a programmable keyboard that stores the contents of the programmable keys in memory on the keyboard. He has most of his passwords to his favorite websites stored in these keys. He claims that this is a more secure approach than using a product like Roboform. If his computer is hacked, he says they still can't get into the memory in the keyboard. Is this a more secure approach than using a product like Roboform?

In this excerpt from Answercast #38, I look at a programmable keyboard that is being used to remember and enter passwords.

Programmable keyboard

In my opinion, it is not.

It's probably about as secure as Roboform. Perhaps a little bit less so; because it sounds like it might be giving him a false sense of security against a few other things.

Keystrokes can be logged

For example, if his system is ever infected with a key logger, then those keystrokes coming from his keyboard... well:

  • They look like keystrokes coming from a keyboard;

  • And they will be logged by a key logger.

  • Regardless of the fact of whether or not he physically typed them in;

  • Or used some kind of a smart key to type them in for him.

The other problem, of course, is that the passwords are stored somewhere. Someone could, using the keyboard physically, accidentally step across what those passwords are by accidentally taking the keystroke.

There are just a few ways that could go wrong and that has me somewhat concerned.

Secure passwords

In my mind, it doesn't really give you any real additional security over a product like Roboform or LastPass (as I happen to use).

It also seems fairly limited in its flexibility in that:

  • It's that keyboard, and only that keyboard, that you can use to do what you're doing.

If you ever want to use more than one computer (as many of us now do, both with our mobile devices and tablets and sometimes quite literally more than one computer), you're not really gaining any benefit there.

It's a good approach

So I think it's a fine approach, I really do. I mean it's certainly better than having it written it down on a Post-it note next to your keyboard.

But, I would be concerned that it's giving him, maybe, a little bit of a false sense of security, and that it's not necessarily giving him all the security he might otherwise have were he to use a program like Roboform or LastPass.

Article C5626 - July 26, 2012 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

1 Comment
Ken B
July 27, 2012 8:58 AM

Another question for the friend... How many different passwords are stored, and how does he remember which password goes to which site? (Or has he taken the "easy way" out, and used the same password everywhere?)

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.