Keystroke or save Password?

dalewrangler · 01-16-2008, 09:00 PM

I searched the forum but could not find an answer to this question. Which is considered safer....keystroke the password every time you visit the site......or have the computer remember it for faster access to the site? I have anti-virus....firewall turned on....and spyware running on vista home premium.. Thanks, dale

ejames82 · 01-16-2008, 11:14 PM

i think that's a great question.
either way the "bad guy" has to access your computer.
my theory is, that the "bad guy" has to "pay attention" at the exact moment in time that you type it in, if done by keystroke (unless, of course, they have some kind of storage device that they're willing to review manually). where as, if done by "having the computer remember" the info is there waiting like a sitting duck, always there, vulnerable (they just have to know where to find it).
i am not much more than a newbie, as i would like to hear more knowledgeable opinions and explanation about this subject myself, but in my opinion, the keystroke method is safer.

RaulGonzales · 01-18-2008, 07:53 AM

You can delete cookies and history for you Browser.
The password dose not show or remember.

Sorry, I am bad Language.

**Glaswegian** · 01-18-2008, 12:02 PM

Deleting cookies or history or cache will not clear passwords unless you have them set to clear specifically. As ejames82 has said, having a password stored on your system is indeed a risk, as is typing in the password - you may have a keylogger installed ready to capture the password.

How secure is your system? That's the key question - have a look here for some general security tips

PC Safety and Security--What Do I Need?

You are running Vista, which has already proven itself to be pretty secure - we don't see many infected Vista systems at the moment. I guess there is no 'right' answer to your question. You have to weigh up the risks on each option and make your decision accordingly.

dalewrangler · 01-18-2008, 03:10 PM

Thanks...you have given me much to think about. Somewhere on this forum I read what sounded like a good suggestion. Type some of the password then switch to the address bar for a few strokes and then back to the password. Perhaps a Keylogger could not tell the difference in the keystrokes. Sounds reasonable to me.

ejames82 · 01-18-2008, 09:05 PM

dalewrangler,
are you saying that your plan is to mix in decoy keystrokes? i must admit that that is an interesting idea. i think it would work. perhaps the "bad guy" can't tell where you're putting the letters and numbers.

here's a little extra info for you.

http://www.bleepingcomputer.com/tuto...utorial99.html
tracking a hacker

http://www.bleepingcomputer.com/tuto...utorial24.html
windows forensics: have i been hacked?

01-16-2008, 09:00 PM	#1 (permalink)
dalewrangler Registered User Join Date: Oct 2007 Posts: 9 OS: vista home premium	Keystroke or save Password? I searched the forum but could not find an answer to this question. Which is considered safer....keystroke the password every time you visit the site......or have the computer remember it for faster access to the site? I have anti-virus....firewall turned on....and spyware running on vista home premium.. Thanks, dale

01-16-2008, 11:14 PM	#2 (permalink)
ejames82 Registered User Join Date: Oct 2006 Posts: 396 OS: XP	Re: Keystroke or save Password? i think that's a great question. either way the "bad guy" has to access your computer. my theory is, that the "bad guy" has to "pay attention" at the exact moment in time that you type it in, if done by keystroke (unless, of course, they have some kind of storage device that they're willing to review manually). where as, if done by "having the computer remember" the info is there waiting like a sitting duck, always there, vulnerable (they just have to know where to find it). i am not much more than a newbie, as i would like to hear more knowledgeable opinions and explanation about this subject myself, but in my opinion, the keystroke method is safer.

01-18-2008, 07:53 AM	#3 (permalink)
RaulGonzales Registered User Join Date: Jan 2008 Posts: 4 OS: xp	Re: Keystroke or save Password? You can delete cookies and history for you Browser. The password dose not show or remember. Sorry, I am bad Language.

01-18-2008, 12:02 PM	#4 (permalink)
Glaswegian Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic Join Date: Sep 2005 Location: Glasgow Posts: 25,427 OS: Win XP Pro SP3 / Win 7 Pro My System Blog Entries: 10	Re: Keystroke or save Password? Deleting cookies or history or cache will not clear passwords unless you have them set to clear specifically. As ejames82 has said, having a password stored on your system is indeed a risk, as is typing in the password - you may have a keylogger installed ready to capture the password. How secure is your system? That's the key question - have a look here for some general security tips PC Safety and Security--What Do I Need? You are running Vista, which has already proven itself to be pretty secure - we don't see many infected Vista systems at the moment. I guess there is no 'right' answer to your question. You have to weigh up the risks on each option and make your decision accordingly. __________________ Iain - Defender of the Haggis and all things Scottish. I don't help by PM - post in the Forums. PC Safety & Security::PC running a bit slow?::Donate::Photographers Corner

01-18-2008, 03:10 PM	#5 (permalink)
dalewrangler Registered User Join Date: Oct 2007 Posts: 9 OS: vista home premium	Re: Keystroke or save Password? Thanks...you have given me much to think about. Somewhere on this forum I read what sounded like a good suggestion. Type some of the password then switch to the address bar for a few strokes and then back to the password. Perhaps a Keylogger could not tell the difference in the keystrokes. Sounds reasonable to me.

01-18-2008, 09:05 PM	#6 (permalink)
ejames82 Registered User Join Date: Oct 2006 Posts: 396 OS: XP	Re: Keystroke or save Password? dalewrangler, are you saying that your plan is to mix in decoy keystrokes? i must admit that that is an interesting idea. i think it would work. perhaps the "bad guy" can't tell where you're putting the letters and numbers. here's a little extra info for you. http://www.bleepingcomputer.com/tuto...utorial99.html tracking a hacker http://www.bleepingcomputer.com/tuto...utorial24.html windows forensics: have i been hacked?