Keyboard/Password Security

[Info Tech Geek]

Is there a way via keystroke or maybe somthing I can attach to the computer to change the way Windows picks up the keyboard during the password portion only? I was thinking, it would be nice to have a feature to re-map or change the format of the keys so when you type in your password you maybe typing Pass197, but only the system knows the real password and it can only be copied if someone knows the setting or the mapping of your keyboard.

I hope this isn't too lame, I just thought it would be a good concept.

[SirDice]

Changing the keymap should be easy to implement. The problem is knowing when to switch and when to switch back.

[Info Tech Geek]

I thought so,

Do you know anything about this? Do you think it would be effective or more of a hassle?

[MURACU]

If I understand right you just want to stop other people form seeing what you are typeing when you log in. The keymap may be changed in the control panel on windows machines. In 2K you do this using the keyboard configuration utility. It would stop anyone from seeing your password and using it on an other machine.
It wont help much if someone tries to type your password on your computer or if they sniff your password of the network.
The other thing is you would need the computer to boot in one with one keymap loaded and have it change to another one when you logon. It should be possiable but I havent looked into it yet.

[SirDice]

Originally posted here by Info Tech Geek
Do you know anything about this? Do you think it would be effective or more of a hassle?

I know a thing or 2 about programming but I think this will turn out to be a real hassle.
It would mean writing something that plugs in (or replaces) the keyboard driver.
And the biggest problem will be logging on on another computer that doesn't have this 'plugin'. If you want to use it to prevent shoulder surfing, it's no use. Just press the exact same keys you did. All in all I think it adds nothing to your security. What are you trying to protect?

I hope you didn't mean hardcoding the password in this "plugin" because that will eventually backfire anyway (I'm reading the book 'Hacker Disassembling Uncovered' ).

[mohaughn]

Using a securid passtoken, or a usb dongle would be far easier and alleviate the problems of shoulder surfing or password sniffing.

[dopeydadwarf]

Not exactly what you are suggesting or thinking. But how about using a finger print scanner instead. Let the folks shoulder surf, what are they gonna steal your hand while you aren't looking?

I encountered a virus once that switched the keys all around.

Perhaps you could write it to allow from a password list. But the trick is once you use that login say twice, it is no longer valid. This would be a big list to remember. But then you get into securing the list. Or you could have it accept a login once, then placing a nex txt somewhere on the HD for example. Containing the new login info. You'd have to remember a new login everytime. Plus you'd have to protect the program, and the list if applicable.

Don't missunderstand me however. It is a good idea, but would be hard to use and achieve any extra security.

[.:front2back:.]

Originally posted here by dopeydadwarf
Not exactly what you are suggesting or thinking. But how about using a finger print scanner instead. Let the folks shoulder surf, what are they gonna steal your hand while you aren't looking?

Now that is the funniest thing i've read all day, thanks dopeydadwarf..
Now i could picture that, your asleep in bed, and the next thing you know you wake up in the morning to find yours arms have been severed off, you walk into the computer room to find your blood stained limbs hanging from the computer.

Ahh i've got a wild imagination.

Anyhow it would be cool if this program was available, i know i would defiantly give it a try, sounds interesting.
cheers
.:front2back:.

[Tim_axe]

I suppose that it would work against a PS2 (aka Hardware) Keylogger...but if the strokes are translated by an input driver wouldn't a software based keylogger pick up the interperted keystrokes also? If the program itself took the keystrokes and translated them itself internally instead of via a driver, then it might escape a software keylogger. But if somebody else typed in what they logged normally into your program it would be interperted correctly and would be useless. IMHO, using the Windows Accessability Options (OnScreen Keyboard) might be a better choice, especially against hardware keyloggers. The PS2 port is one way (I'm pretty sure), so a hardware keylogger won't be able to ask Windows what is being inputted.

Originally posted here by dopeydadwarf
Not exactly what you are suggesting or thinking. But how about using a finger print scanner instead. Let the folks shoulder surf, what are they gonna steal your hand while you aren't looking?

ROFL. That was funny. But it could happen... (see pic)


*Disclaimer: Attached picture is not real, it was "faked," yet not photochopped. Do not take it seriously, it goes with the above quote.

[gothic_type]

Why write a program to check the password. You should still be able to use the normal windows login, and just either change the layout in accessability options, or write a prog to mess up the keymap. That would mean that even if someone was shoulder-surfing, they couldn't just type it into another comp, and would stop you from hard coding a password.

Obviously, if there is a software keylogger, that isn't much use, but hey...if there was a software keylogger on the system, it wouldn't really matter what you did. The best way to protect yourself from that would be to remove any keylogger from your system.

ac