Virtual Keyboard - Security Considerations

Security Considerations

Virtual keyboards may be used in some cases to reduce the risk of keystroke logging. For example, Westpac’s online banking service uses a virtual keyboard for password entry, as does TreasuryDirect. It is more difficult for malware to monitor the display and mouse to obtain data entered via a virtual keyboard than it is to monitor real keystrokes. However, it is still possible, for example by recording screenshots at regular intervals or upon each mouse click.

Smith, David A. (2006-06-21). "Outsmarting Keyloggers". PC Magazine. http://www.pcmag.com/article2/0,2817,1978513,00.asp. Retrieved 2009-11-16.

The use of an on-screen keyboard on which the user "types" with mouse clicks can increase the risk of password disclosure by shoulder surfing, because:

  • An observer can typically watch the screen more easily (and less suspiciously) than the keyboard, and see which characters the mouse moves to.
  • Some implementations of the on-screen keyboard may give visual feedback of the "key" clicked, e.g. by changing its colour briefly. This makes it much easier for an observer to read the data from the screen. In the worst case, the implementation may leave the focus on the most recently clicked "key" until the next virtual key is clicked, thus allowing the observer time to read each character even after the mouse starts moving to the next character.
  • A user may not be able to "point and click" as fast as they could type on a keyboard, thus making it easier for the observer.
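
One way to avoid the lingering-focus problem described in the second point, as an added example that is not from the original article. The data-char attribute, the button markup and the function names are assumptions made for illustration.

```javascript
// Added example: click handling for an on-screen keypad that leaves no
// per-key cue on screen after a press.
// Assumed (hypothetical) markup:
//   <div id="pad"><button type="button" data-char="7">7</button> ...</div>
// Pair it with a stylesheet that defines no :active colour change on the keys.
function attachQuietKeypad(pad, onChar) {
  // Resolve the virtual key an event landed on, or null for clicks on padding.
  const keyOf = (ev) =>
    ev.target && ev.target.closest ? ev.target.closest("[data-char]") : null;

  // Cancelling mousedown stops the browser from moving focus to the button,
  // so no focus ring stays on the last "key" while the pointer moves on.
  pad.addEventListener("mousedown", (ev) => {
    if (keyOf(ev)) ev.preventDefault();
  });

  pad.addEventListener("click", (ev) => {
    const key = keyOf(ev);
    if (!key) return;
    onChar(key.dataset.char);
    // Pointer and touch clicks report detail > 0. Drop any focus they left
    // behind, but keep focus for keyboard activation (detail === 0) so that
    // keyboard users are not thrown out of the keypad.
    if (ev.detail > 0) key.blur();
  });
}

// Collects the entered characters in memory and exposes only a masked
// string for display, so the entry field never echoes the clicked character.
function createMaskedBuffer() {
  const chars = [];
  return {
    push: (c) => { chars.push(c); },
    masked: () => "\u2022".repeat(chars.length),
    value: () => chars.join(""),
  };
}
```

In a page, call attachQuietKeypad(document.getElementById("pad"), buffer.push) and render buffer.masked() in the visible field.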
