#1 secure master password entry

open
nobody
None
5
2012-09-17
2002-01-15
Anonymous
No

Hi Jim,

Bruce Schneier has mentioned another software like
Password Safe with a feature for better securing the
master password (look for cryptgram newsletter, long
ago): it displays a dialog with a keyboard, and you
have to enter the master password with mouseclicks --
this will disable key loggers. In addition, the layout
of this 'on screen keyboard' is random and will change
with every click from the mouse, thus disabling mouse
recorders. Whoever wants to get the password, will
have to look on the screen...
This would be a nice feature to have.

So long
Friedrich

Discussion

  • Derek W.
    Derek W.
    2002-02-07

    Logged In: YES
    user_id=428464

    This might be nice sometimes (if you're on an
    untrusted/shared machine), but it should definately be
    optional. It is not uncommon for me to be working with
    others and I need to enter a password with them sitting
    next to me. This is not really a problem with a masked edit
    control, but a visual one-click-at-a-time method would
    leave me fairly open to password theft as well. (From the
    person next to me, behind me, on the next computer over,
    etc...)

    The thought is really an intersting one though. Being able
    to defeat keyloggers seems to be getting attention,
    especially as the "scarfo" case hits the US courts.

     
  • Pete Klammer
    Pete Klammer
    2002-04-24

    Logged In: YES
    user_id=525423

    I second that emotion! Yes: a method to enter the "Safe
    Combination" without keystrokes; yes, please! Now, if
    there were a way to prevent shoulder-surfing at the same
    time ...