To defeat keyloggers, allow the use of keyfiles to access the program.
As used in TrueCrypt, it seems to be very effective where the user is allowed the choice of using a typed password and/or a keyfile for access.
So the keylogger just has to copy your keyfile instead of logging your password? Not sure that would help security at all.
Could be a nice option to simplify things though in general.
SSH keys are secure (if passworded, but a lot of folk don't set passwords on them), so could be a valid authentication method. Doesn't really defeat keyloggers though, as they can grab your SSH key password and the SSH key file itself, but at least it's two things they have to do.
As an FYI - KeePass (alternative password programs are available!) has an option to restrict access to the current Windows account, and use that as all or part of its authentication. Just saying.
Note that the next version (3.32) will support YubiKey 2-factor authentication. Much more secure than keyfiles, not to mention cooler :-).
(YubiKey support has been available for quite a while in a separate branch. This version will support passphrase, passphrase + YubiKey and YubiKey-only authentication.)
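
The "typed password and/or a keyfile" option discussed in this thread, sketched as an added example that is not part of the thread or of any project's code. The PBKDF2 and HMAC construction, the iteration count and all names and sample values are assumptions for illustration, not how TrueCrypt, KeePass or this program combine the two factors.

```python
import hashlib
import hmac

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this sketch


def derive_key(salt: bytes, passphrase: str = "", keyfile: bytes = b"") -> bytes:
    """Derive a 32-byte key from a passphrase, a keyfile, or both."""
    if not passphrase and not keyfile:
        raise ValueError("need a passphrase, a keyfile, or both")
    # Stretch the typed secret so guessing it offline is slow.
    pw_part = hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode("utf-8"), salt, ITERATIONS
    )
    # Reduce the keyfile (any size) to a fixed-length HMAC key.
    kf_part = hashlib.sha256(b"keyfile\x00" + keyfile).digest()
    # Record which factors were used so the three modes never collide.
    mode = bytes([(1 if passphrase else 0) | (2 if keyfile else 0)])
    return hmac.new(kf_part, mode + pw_part, hashlib.sha256).digest()


def make_verifier(key: bytes) -> bytes:
    """Value stored beside the database to check an unlock attempt."""
    return hashlib.sha256(b"verifier\x00" + key).digest()


def unlock(salt: bytes, verifier: bytes,
           passphrase: str = "", keyfile: bytes = b"") -> bool:
    """Return True only if the supplied factors reproduce the stored key."""
    try:
        key = derive_key(salt, passphrase, keyfile)
    except ValueError:
        return False
    return hmac.compare_digest(make_verifier(key), verifier)


# Constructed sample values, for illustration only.
SALT = bytes(range(16))
KEYFILE = b"constructed keyfile contents \x00\x01\x02" * 8
PASSPHRASE = "correct horse battery staple"
VERIFIER = make_verifier(derive_key(SALT, PASSPHRASE, KEYFILE))

if __name__ == "__main__":
    print("both factors:   ", unlock(SALT, VERIFIER, PASSPHRASE, KEYFILE))
    print("passphrase only:", unlock(SALT, VERIFIER, passphrase=PASSPHRASE))
    print("keyfile only:   ", unlock(SALT, VERIFIER, keyfile=KEYFILE))
```

A logged passphrase alone does not unlock this database, but malware that can also read the keyfile from disk obtains both inputs, which is the limitation raised in the replies.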