Have anyone ever told you before that it is risky to use a public computer (such as an Internet cafe) to surf the Web and login to all your online accounts? The main reason for this is because there could be keylogger software or spyware installed in the public terminal that can capture your username and password when you type on the keyboard. Can you imagine your email/bank/Paypal password being stolen? What loss would it cause to you?
KYPS is a Web service that allows you to log into your account from a public computer without disclosing your password to that computer. The way KYPS works is very simple: You register your website (be it an email account or any login site) with the KYPS server. Based on the username and password that you have provided, KYPS will encrypt the password and generate a list of one-time codes that you can use to login to your account.
Everytime you want to login to your site, KYPS will prompt you to enter the code from a certain pad. It will then decrypt the code, rebuild the password and auto-login to your site. After that, that particular code will be rendered useless. Even if there is a keylogger software that logs the one-time code, it won’t be able to login to your site. The image below show a graphical explanation of the whole process.
When you first use KYPS, you are required to register your login account with them. During the registration, you are asked to enter your username and password. From here, you can choose how many one-time codes you want to generate. The more codes you generate, the more times you can login to your site without using the actual password.
The length of the one-time code is the same as the length of your password. If your password is 7 characters long, your one-time code will also be 7 characters long.
Once you have submitted the registration, it will prompt you to download a PDF file that contains your list of one-time codes. This is what it will look like:
The number on the left of each column is the pad while the string of characters on the right is the one-time code. Whenever you want to login to your site, KYPS will ask you to enter the code with number XXX. You just match the number to your list, enter the corresponding code and you will be securely logged in to your site.
In case you are worrying that KYPS is a phishing site that is out to collect your password, you can be assured that the password you have entered is not stored in the database. It is only used to generate the one-time codes and will be deleted after that.
If you are still not convinced, you can leave out the password field when registering your site. KYPS will then bring you to another site where you can disconnect your computer from the network and use the java applet to generate the one-time code.
Apart from logging you into your account, KYPS also acts as a reverse proxy that you can use to hide your online trace. All of the website is delivered with the “https” protocol and the URL does not contain the original link of the webpage. In this way, your privacy is protected and you don’t have to worry about other people finding out which sites you have been to.
KYPS may not be the only way to fight against keyloggers, but it is definitely one good way that anyone can use to protect themselves. The only troublesome thing is that you have to pre-register your login accounts with KYPS on a keylogger-free/spyware-free computer before you can use the service on a public computer. If you have the sudden urge to log into an account that you did not register with KYPS, you have to subject yourself to the same risk as others.
In addition, if you have plenty of accounts, the generated codes will form quite a huge list (imagine 200 codes for each account). If you mind carrying a huge list of codes everywhere you go, then KYPS might not be suitable for you.
What other precautions do you take to protect yourself against keyloggers’ software?
More articles about: