Out of all the different kinds of malware lurking on the internet, a program that watches you type doesn’t sound scary. Unfortunately, if one does sneak onto a system, it can cause some devastating privacy issues for the victim.
Let’s explore keyloggers, what they do, and how to protect yourself.
What Is a Keylogger?
A keylogger’s purpose is self-evident from the name. It silently installs itself on your computer and begins logging everything you type. It then sends the data back to the hacker, who now has a full record of everything you wrote that day.
Keyloggers don’t use any unique methods to spread onto computers. You’ll find them in phishing emails, infected links, and malicious downloads.
What makes them scary is how silent they are; unlike ransomware, where it becomes immediately apparent you’re under attack, a keylogger can theoretically hang around your computer until you find it. This trait means users can be using a PC infected with a keylogger for long periods without realizing it.
How Keyloggers Can Be Devastating
You may be wondering what’s so bad about a program that monitors your typing. What does it matter if a hacker gets to see your Facebook posts, your grocery list, or what you press when playing a video game?
Things get scarier when you think about the sensitive information you type on a keyboard. For instance, say you’re writing a work email containing very private information. If a keylogger is on your system, the hacker will be able to read everything you’re writing about and can compromise company privacy.
Similarly, imagine you have a bank account with Hello Banking. Your user ID is 110673, and your password is “opensesame.”
Now imagine that you decide to check your bank balance while a keylogger is on your system. You access the webpage, type in your ID and password, and log into the site. The hacker will see the following:
It’s not too much of a stretch for the hacker to assume that the bits of data after the URL are your ID and password. Using this information, they can log into your bank account with the details you “gave” to them.
In short, imagine you’re using a public PC and someone is looking over your shoulder at all times. What kind of data would you feel uncomfortable typing, knowing that someone is watching your every move? That data is what you want to protect from a keylogger.
How to Defend Yourself Against Keyloggers
Fortunately, while keyloggers can be a devastating privacy breach, they’re not tricky to defeat. Defending yourself requires another layer of security to prevent hackers from compromising your accounts.
1. Install a Strong Keylogger Detector or Antivirus
The first plan of action is to ensure your computer’s shields are strong enough to repel a keylogger. Any good security program will spot the tell-tale behavior of a keylogger and prevent it from installing itself.
As such, it’s worth getting a well-received antivirus to deal with these attacks. You don’t need to pay much for a good antivirus—some excellent solutions are even free.
If you are not sure where to start with security software, it’s worth trying the best free antivirus software available.
2. Add Two-Factor Authentication (2FA) to Your Accounts
If you can, you should add 2FA to your accounts to stop keyloggers. 2FA usually comes in one of two styles: a temporary code, or a secondary password that you don’t type out. Either one is effective against keyloggers.
Using a Temporary Code to Protect Your Account
Temporary code 2FA methods require an additional password when you log in. This password is usually a small code emailed to you, texted to you, or generated using an official app. You then enter the code into the login page to access your account.
The good thing about this method is that the codes are one-time use. Let’s imagine that in the above Hello Banking example, a code is texted to your phone when you log in. When you enter the code into the website, the hacker will also see this code.
Fortunately for you, however, it’s a temporary code. If the hacker tries to use the same code you do, the website informs them that it has expired. As such, while the hacker has your username and password, they can never gain access unless they also control the means through which you get your 2FA codes.
If you want to lock down your online presence against keyloggers, there are ways to secure your Gmail, Outlook, and other accounts using 2FA.
Using a Secondary “Partial” Password to Confuse Keyloggers
Have you ever used a service where they ask for a password, but they never ask for it in full? They may ask you for the second, fifth, and eighth character of your password instead. This method is a smart way of preventing keyloggers from compromising your account.
Let’s say your Hello Banking password is still “opensesame,” but you have a secondary password which is “ineedbetterpasswords.” When you log in, the website asks for the third, fifth, and seventh character of your secondary password. You enter “e,” “d,” and “e,” which grants you access to the website.
Now when the keylogger transmits your data to the hacker, they’ll see your password like this:
Even if the hacker knows that the “ede” at the end is part of your secondary password, it doesn’t tell them anything. There are no context clues on what your secondary password is, or where those three characters appear in it.
Even better, some websites let you pick the characters of your secondary password using dropdown menus. Instead of using your keyboard to type the character, you click with your mouse. This avoids the keylogger altogether and denies the hacker any clues about your secondary password.
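The partial-password check described above, as an added example (not code from any real service): the site issues a fresh set of positions for every login, so the three logged keystrokes only pass again if the same positions happen to be requested. The class names and the fixed position draws are constructed so the demonstration is repeatable.

```python
import hmac
import secrets
from math import comb

class PartialPasswordCheck:
    """Asks for a few 1-based character positions of a secondary password."""

    def __init__(self, secondary: str, picks: int = 3):
        # Simplification for the demo: a real service must store this secret
        # in a protected form that still allows per-character checks.
        self.secondary = secondary
        self.picks = picks
        self.pending = None    # positions issued for the login in progress

    def challenge(self, rng=secrets.SystemRandom()):
        slots = range(1, len(self.secondary) + 1)
        self.pending = sorted(rng.sample(slots, self.picks))
        return self.pending

    def verify(self, typed: str) -> bool:
        positions, self.pending = self.pending, None   # one try per challenge
        if positions is None or len(typed) != len(positions):
            return False
        expected = "".join(self.secondary[p - 1] for p in positions)
        return hmac.compare_digest(expected.encode(), typed.encode())

def distinct_challenges(length: int, picks: int) -> int:
    """How many different position sets the site can ask for."""
    return comb(length, picks)

class FixedPositions:
    """Constructed stand-in for the random source, for a repeatable demo."""
    def __init__(self, *draws):
        self.draws = list(draws)
    def sample(self, population, k):
        return self.draws.pop(0)

def demo():
    site = PartialPasswordCheck("ineedbetterpasswords")
    rng = FixedPositions([3, 5, 7], [2, 9, 14])
    site.challenge(rng)                  # site asks for characters 3, 5, 7
    keylogged = "ede"                    # the keystrokes a logger records
    owner_ok = site.verify(keylogged)
    site.challenge(rng)                  # the next login asks for 2, 9, 14
    replay_ok = site.verify(keylogged)   # the recorded keys no longer fit
    return owner_ok, replay_ok
```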
3. Use a Password Manager
A hacker can’t get your password if you never physically type it. Password managers automatically fill in your details when you go to log in, so you don’t need to type a thing. This feature skirts around a keylogger’s detection and ensures your account is safe from monitoring.
If you’re new to the world of password managers, why not read up on the best password managers for every occasion?
4. Input Sensitive Data Without Using the Physical Keyboard
This tactic is probably redundant if you’ve performed the above options, but it’s worth doing if you suspect a keylogger is active. When you need to enter sensitive data, do so without typing it out on the physical keyboard.
You can copy-paste the information from another source, or use your computer’s virtual keyboard to click on the letters you want to input.
If your computer supports speech-to-text, you can use that too; just be sure nobody nearby will listen in on you spelling out your password, or you’ll have more significant problems than keyloggers.
Learning About Keyloggers
At first, keyloggers seem pretty harmless. Once you think of the repercussions of a program logging everything you type, it’s easy to see how they can be so devastating. By keeping your wits about you, installing a good antivirus, and handling your passwords better, you can defeat these malicious programs.