5 Ways to Protect Yourself Against Keyloggers

Gavin Phillips Updated 30-07-2018

Keyloggers are one of the most well-known and feared security threats on computers today. Keyloggers carry a fearsome reputation for several reasons, not least because they’re hard to detect, but because the direct damage to your life extends well beyond the computer and screen in front of you.


Keylogging malware is, unfortunately, very common. More often than not a malware variant packs a keylogger for maximum damage and to compound the attacker’s investment. Luckily, there are several methods to protect your system from a keylogger. And while no defense is perfect, these five steps drastically improve your chances.

What Is a Keylogger?

Before looking at how to mitigate a keylogger, consider what a keylogger is and where they come from.

A keylogger is consistent to its name. The term refers to a malicious computer program that captures and records your keystrokes; that’s every word, character, and button you press on your keyboard. The keylogger sends a record of your keystrokes to the attacker. This record might contain your banking logins, credit and debit card details, social media passwords, and everything else in-between. In short, keyloggers are a dangerous tool in the battle against identity and financial fraud.

The overwhelming majority of keyloggers are bundled with other forms of malware. In the “old” days, the malware delivering a keylogger would remain silent for as long as possible. That means, unlike other virus and malware variants, files remain intact, there’s a little system disruption as possible, and you continue using your system as normal.

However, that’s not always the case. For instance, the recently discovered MysteryBot targets Android devices with a banking Trojan, a keylogger, and ransomware—that’s quite the combination. But by-and-large, a keylogger will feature as part of a large exploit kit that grants an attacker control over various aspects of your system.


There’s another common variety of keylogger you hear about, too, but not something you immediately think about. Have you got it yet? That’s right; card readers and skimmers, and other point-of-sale malware deploy keyloggers to copy your PIN to use later. The PoSeidon malware is a prime example of this type of scam.

Now you know, how can you protect yourself?

5 Ways to Protect Yourself Against Keyloggers

Protecting against keyloggers covers a fairly standard security spectrum. That is, your online and personal digital security needs this level of protection on a day-to-day basis. There’s a lot more than just keyloggers out there.

1. Use a Firewall

In most instances, the keylogger has to transmit its information back to the attacker for it to do any harm. The keylogger must send data out from your computer via the internet. As your internet passes through a firewall (for instance, Windows Firewall is a default security setting for Windows 10 systems), there’s a chance it will realize something isn’t quite right.


That said, there’s also a stronger chance it won’t detect an issue. An easily terminated keylogger isn’t much use to the attacker. The Windows Firewall is an excellent option for most users, but several excellent third-party firewall options come with extensive functionality. Unsure where to start? Check out these seven third-party firewall options to get started 7 Top Firewall Programs to Consider for Your Computer's Security Firewalls are crucial for modern computer security. Here are your best options and which one is right for you. Read More .

A firewall alone might not stop a keylogger or its associated malware, but it is better to have one than not.

2. Install a Password Manager

One constant piece of security advice is to update and change your passwords (along with using a strong single-use password to begin with). But, let’s face it: it’s really hard to remember tens of 16-character passwords for the staggering number of sites most of us use. Keyloggers are effective in their simplicity; it copies the keystrokes and logs the information. But what if you never actually typed a password?

Most password managers use autofill functionality to provide a master password that unlocks a specific account. Your password still works, you’re already browsing your Twitter feed, and all without typing. Sounds great, right?


Unfortunately, a password manager can only get you so far, for a few reasons.

  1. Some password managers don’t copy and paste your password. Instead, they use an auto-type function to input the password. Any keylogger worth its salt will copy virtual keystrokes, too. But…
  2. …A sufficiently well-designed keylogger will also periodically take screenshots as well as record the contents of the clipboard.
  3. Some dangerous advanced malware variants will target offline password databases, stealing the entire list rather than one at a time.

Now, all is not lost. For example, KeePass negates the first and second issue using Two-Channel Auto-Type Obfuscation (TCATO). TCATO basically splits the password down into two subparts, sends both to the clipboard, then merges in the password field. However, by their admission, TCATO isn’t 100% secure, noting that “it is theoretically possible to write a dedicated spy application that specializes on logging obfuscated auto-type.”

The point of a password manager wasn’t to stop keylogging. However, if you do encounter a keylogger and you have a password manager installed, there’s a chance you only lose the strong single-use password for one account, rather than every password for every account you own. Check out this comparison of five password manager services to get you started.

3. Update Your System (And Keep It That Way)

Being proactive about system security is always a good idea. One of the most important parts of a proactive defense is keeping your system up to date. That includes your operating system as well as the applications and programs you run on it. Keyloggers and other malware look for exploits in outdated software and can take advantage of them, sometimes without you knowing anything is wrong.


Security researchers find new exploits all of the time. Some are relatively benign. Others are patched immediately by the developer. But others still become critical exploits used to expose your computer to malware.

Particularly rare and unreleased vulnerabilities are known as zero-day exploits and carry a significant threat 5 Ways to Protect Yourself from a Zero-Day Exploit Zero-day exploits, software vulnerabilities that are are exploited by hackers before a patch becomes available, pose a genuine threat to your data and privacy. Here is how you can keep hackers at bay. Read More . Indeed, the CIA ran into trouble when it emerged hackers had liberated their previously unknown and top secret zero-day vulnerability stockpile Cybercriminals Possess CIA Hacking Tools: What This Means for You The Central Intelligence Agency's most dangerous malware -- capable of hacking nearly all wireless consumer electronics -- could now sit in the hands of thieves and terrorists. So what does that mean for you? Read More , releasing powerful exploits into the wild—leading directly to the enormous WannaCry ransomworm The Global Ransomware Attack and How to Protect Your Data A massive cyberattack has struck computers around the globe. Have you been affected by the highly virulent self-replicating ransomware? If not, how can you protect your data without paying the ransom? Read More .

Updating software isn’t always convenient, but it could save you and your system from serious trouble down the line.

4. Consider Additional Security Tools

The default security options for Windows 10 and macOS are okay, but you should always consider bulking that security out for maximum protection. Check out our list of the best security and antivirus tools for your system The Best Computer Security and Antivirus Tools Concerned about malware, ransomware, and viruses? Here are the best security and antivirus apps you need to stay protected. Read More . These are Windows-focused, but many have macOS equivalents and are worth the small investment.

If you want security tools that specifically target keyloggers, check these two free options out:

  • Ghostpress: a free anti-keylogger with an extremely small performance footprint. Features Process Protection to stop any other program terminating Ghostpress.
  • KL-Detector: a basic keylogger detection tool. Once you detect a keylogger, it’s up to you to remove it, but the tool will alert you to the keyloggers presence.

Another worthwhile investment is Malwarebytes Premium 5 Reasons to Upgrade to Malwarebytes Premium: Yes, It's Worth It While the free version of Malwarebytes is awesome, the premium version has a bunch of useful and worthwhile features. Read More . Unlike the free version, Malwarebytes Premium constantly monitors your system for potential threats. This alone drastically cuts your chances of picking up something nasty.

5. Change Your Passwords

If you suspect something is wrong, use a different computer to change your passwords. The measures listed above should provide ample protection against keyloggers, but there always seems to be people who have their passwords stolen even though they did everything right.

Frequently changing your passwords will help minimize the potential damage of a keylogging attack. Your password may be stolen, but it would be uncommon for it to be stolen and used immediately unless that keylogger was targeted directly at you (in which case you may have bigger problems than keylogging!). If you change your password every two weeks, your stolen information will no longer be useful.

Remove Your Keylogger…

These methods will help protect against keyloggers by decreasing their opportunity to infect your PC with malware. Furthermore, you’re taking steps to isolate the amount of data a keylogger can access in the event you happen to pick one up. And, although you can never have 100% protection, you can certainly empower yourself and your system in the battle against malware The Complete Malware Removal Guide Malware is everywhere these days, and eradicating malware from your system is a lengthy process, requiring guidance. If you think your computer is infected, this is the guide you need. Read More .

Related topics: Computer Security, Keylogger, Malware.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Barbie
    November 1, 2018 at 2:32 am

    What if your keylogger is a government agency? How the heck do you deal with that? I have a firewall up, I have Anti-Virus, keep programs update, change passwords; however, as I am typing I can see the font size change or the place where I am typing goes somewhere else in the paragraph. Is my voice that important? I am just a Grandma researching the laws.

  2. Ramesh Tapas
    July 31, 2018 at 2:52 pm

    Excellent information

    • Gavin Phillips
      July 31, 2018 at 3:18 pm

      Thanks, Ramesh.

  3. Manny
    July 31, 2018 at 9:53 am

    I have used the tracker and it worked perfectly and the service provided was awesome. The tech guys were very helpful and fast (even with all my questions). The tracker lasts for a lifetime, I use it whenever I want again, best investment (I did get my answers) and the service was totally outstanding. I highly recommend the rootgatehacks company and service if you ever need to track anything or anyone. I will for sure come back for them again if ever needed in the future. You can google them for more information